Windows Analysis Report
ATLEQQXO.exe

Overview

General Information

Sample name: ATLEQQXO.exe
Analysis ID: 1577351
MD5: 2fd56c681ad71cfb61512d85213397fa
SHA1: d8f6d6bda59e00a56da58d596d427e834a551f36
SHA256: ae52eea09c54ce2122a585dab0231555763f5be6e90b1e63b5886cf4116ea68d
Tags: 18521511316185215113209bulletproofexeuser-abus3reports
Infos:

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • ATLEQQXO.exe (PID: 64 cmdline: "C:\Users\user\Desktop\ATLEQQXO.exe" MD5: 2FD56C681AD71CFB61512D85213397FA)
    • pyexec.exe (PID: 3652 cmdline: "C:\Users\user\AppData\Local\Temp\pyexec.exe" MD5: B6F6C3C38568EE26F1AC70411A822405)
      • pyexec.exe (PID: 7056 cmdline: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe MD5: B6F6C3C38568EE26F1AC70411A822405)
        • cmd.exe (PID: 1488 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • uzfvalidate.exe (PID: 5792 cmdline: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • pyexec.exe (PID: 1612 cmdline: "C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe" MD5: B6F6C3C38568EE26F1AC70411A822405)
    • cmd.exe (PID: 4928 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • pyexec.exe (PID: 3412 cmdline: "C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe" MD5: B6F6C3C38568EE26F1AC70411A822405)
    • cmd.exe (PID: 4032 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • uzfvalidate.exe (PID: 1756 cmdline: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000D.00000002.2822716810.00000000029B0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000003.00000002.2406444723.00000000035A6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000015.00000002.3996938900.000000000273A000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000002.00000002.2251377392.0000000003555000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
Source | Rule | Description | Author | Strings
12.2.uzfvalidate.exe.26f86ed.1.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
12.2.uzfvalidate.exe.26f86ed.1.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x25e61e:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x25e6a9:$s1: CoGetObject
  • 0x25e602:$s2: Elevation:Administrator!new:
13.2.cmd.exe.29b07f8.0.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
13.2.cmd.exe.29b07f8.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen |
  • 0x10f60:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x10f28:$s2: Elevation:Administrator!new:
19.2.cmd.exe.56b06cd.4.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
                  No Sigma rule has matched
                  No Suricata rule has matched

                  AV Detection

                  Source: ATLEQQXO.exe | ReversingLabs: Detection: 63%
                  Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.9% probability
                  Source: C:\Users\user\AppData\Local\Temp\liuhw | Joe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\gwioita | Joe Sandbox ML: detected

                  Exploits

                  Source: Yara matchFile source: 12.2.uzfvalidate.exe.26f86ed.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 13.2.cmd.exe.29b07f8.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.cmd.exe.56b06cd.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.uzfvalidate.exe.2785aed.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.cmd.exe.56afacd.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmd.exe.4aa36cd.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 13.2.cmd.exe.49bbacd.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 13.2.cmd.exe.4976a00.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.cmd.exe.566aa00.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.uzfvalidate.exe.27866ed.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmd.exe.4a5da00.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.uzfvalidate.exe.26b2a20.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmd.exe.4aa2acd.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.2.uzfvalidate.exe.26f7aed.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 13.2.cmd.exe.49bc6cd.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 21.2.uzfvalidate.exe.2740a20.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.2822716810.00000000029B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2406444723.00000000035A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.3996938900.000000000273A000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.2251377392.0000000003555000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.2764382687.0000000003533000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000012.00000002.2981390523.00000000034D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000D.00000002.2823008461.0000000004970000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3217827850.0000000005664000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 1488, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: uzfvalidate.exe PID: 5792, type: MEMORYSTR
                  Source: ATLEQQXO.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe | File opened: C:\Users\user\AppData\Local\Temp\msvcr90.dll
                  Source: Binary string: msvcr90.i386.pdb source: ATLEQQXO.exe, 00000000.00000003.2148687754.0000000002685000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdb source: uzfvalidate.exe, 0000000C.00000002.3955179271.0000000004514000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956350132.0000000005311000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958717549.0000000006918000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956712216.0000000005715000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955347900.000000000471D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956896823.0000000005914000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957084251.0000000005B15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955676881.0000000004B16000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958015525.0000000006316000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954448719.0000000003D17000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953379376.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955014602.0000000004310000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958349558.000000000651D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959069559.0000000006D1D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3952836267.0000000002261000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957273721.0000000005D19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959248011.0000000006F12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955514590.0000000004919000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 
0000000C.00000002.3954278784.0000000003B12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955861780.0000000004D15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956023686.0000000004F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956185194.000000000511F000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957693856.0000000006112000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954612254.0000000003F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957454005.0000000005F19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954840781.000000000411E000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956522843.000000000551D000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: pyexec.exe, 00000002.00000002.2251794117.0000000003944000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2251928379.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406955370.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2407134268.0000000003FA4000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406804006.0000000003896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2715073644.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714587569.00000000046AB000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2765139868.0000000003F25000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764807863.0000000003817000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764961106.0000000003B70000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: uzfvalidate.exe, 0000000C.00000002.3955179271.0000000004514000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956350132.0000000005311000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958717549.0000000006918000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956712216.0000000005715000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955347900.000000000471D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956896823.0000000005914000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957084251.0000000005B15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955676881.0000000004B16000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958015525.0000000006316000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954448719.0000000003D17000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953379376.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955014602.0000000004310000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958349558.000000000651D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959069559.0000000006D1D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3952836267.0000000002261000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957273721.0000000005D19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959248011.0000000006F12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955514590.0000000004919000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 
0000000C.00000002.3954278784.0000000003B12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955861780.0000000004D15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956023686.0000000004F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956185194.000000000511F000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957693856.0000000006112000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954612254.0000000003F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957454005.0000000005F19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954840781.000000000411E000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956522843.000000000551D000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: pyexec.exe, 00000002.00000002.2251794117.0000000003944000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2251928379.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406955370.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2407134268.0000000003FA4000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406804006.0000000003896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2715073644.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714587569.00000000046AB000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2765139868.0000000003F25000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764807863.0000000003817000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764961106.0000000003B70000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\build27\cpython\PCBuild\python27.pdb source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000003.2248366864.000000000405D000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp, pyexec.exe, 00000003.00000002.2407926903.000000006C0DA000.00000002.00000001.01000000.00000009.sdmp, pyexec.exe, 0000000B.00000002.2766016565.000000006CF4A000.00000002.00000001.01000000.00000009.sdmp
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe | Code function: 0_2_0040301A GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,0_2_0040301A
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe | Code function: 0_2_00402B79 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00402B79
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
                  Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
                  Source: unknown | DNS traffic detected: query: amenstilo.website replaycode: Name error (3)
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic | DNS traffic detected: DNS query: amenstilo.website
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                  Source: cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                  Source: cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                  Source: cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                  Source: cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                  Source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                  Source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764382687.00000000032ED000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w

                  System Summary

                  Source: 12.2.uzfvalidate.exe.26f86ed.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 13.2.cmd.exe.29b07f8.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 19.2.cmd.exe.56b06cd.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 21.2.uzfvalidate.exe.2785aed.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 19.2.cmd.exe.56afacd.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 5.2.cmd.exe.4aa36cd.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 13.2.cmd.exe.49bbacd.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 13.2.cmd.exe.4976a00.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 19.2.cmd.exe.566aa00.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 21.2.uzfvalidate.exe.27866ed.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 5.2.cmd.exe.4a5da00.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 12.2.uzfvalidate.exe.26b2a20.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 5.2.cmd.exe.4aa2acd.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 12.2.uzfvalidate.exe.26f7aed.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 13.2.cmd.exe.49bc6cd.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 21.2.uzfvalidate.exe.2740a20.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: uzfvalidate.exe.5.drStatic PE information: Resource name: ZIP type: Zip archive data (empty)
                  Source: liuhw.19.drStatic PE information: Number of sections : 12 > 10
                  Source: gwioita.5.drStatic PE information: Number of sections : 12 > 10
                  Source: ATLEQQXO.exe, 00000000.00000003.2141373435.000000000242D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename7ZSfxMod_x86.exe< vs ATLEQQXO.exe
                  Source: ATLEQQXO.exe, 00000000.00000000.2140450803.0000000000432000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename7ZSfxMod_x86.exe< vs ATLEQQXO.exe
                  Source: ATLEQQXO.exe, 00000000.00000003.2149349443.0000000002660000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython27.dll. vs ATLEQQXO.exe
                  Source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSVCR90.DLL^ vs ATLEQQXO.exe
                  Source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000295E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython27.dll. vs ATLEQQXO.exe
                  Source: ATLEQQXO.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 12.2.uzfvalidate.exe.26f86ed.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 13.2.cmd.exe.29b07f8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 19.2.cmd.exe.56b06cd.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 21.2.uzfvalidate.exe.2785aed.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 19.2.cmd.exe.56afacd.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 5.2.cmd.exe.4aa36cd.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 13.2.cmd.exe.49bbacd.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 13.2.cmd.exe.4976a00.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 19.2.cmd.exe.566aa00.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 21.2.uzfvalidate.exe.27866ed.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 5.2.cmd.exe.4a5da00.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 12.2.uzfvalidate.exe.26b2a20.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 5.2.cmd.exe.4aa2acd.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 12.2.uzfvalidate.exe.26f7aed.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 13.2.cmd.exe.49bc6cd.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 21.2.uzfvalidate.exe.2740a20.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: classification engineClassification label: mal92.expl.evad.winEXE@20/17@12/0
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_00407776 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,0_2_00407776
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_0040118A GetDiskFreeSpaceExW,SendMessageW,0_2_0040118A
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_004034C1 _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_004034C1
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_00401BDF GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,0_2_00401BDF
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeFile created: C:\Users\user\AppData\Roaming\UpdateChrome_ZeJump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5344:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5908:120:WilError_03
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeFile created: C:\Users\user\AppData\Local\Temp\kkfppsJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeCommand line argument: windows_exe2_2_00401110
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeCommand line argument: sys2_2_00401110
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeCommand line argument: _MessageBox2_2_00401110
                  Source: ATLEQQXO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: ATLEQQXO.exeReversingLabs: Detection: 63%
                  Source: pyexec.exeString found in binary or memory: --help
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeFile read: C:\Users\user\Desktop\ATLEQQXO.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\ATLEQQXO.exe "C:\Users\user\Desktop\ATLEQQXO.exe"
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeProcess created: C:\Users\user\AppData\Local\Temp\pyexec.exe "C:\Users\user\AppData\Local\Temp\pyexec.exe"
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeProcess created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe "C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe "C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe"
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeProcess created: C:\Users\user\AppData\Local\Temp\pyexec.exe "C:\Users\user\AppData\Local\Temp\pyexec.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeProcess created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exeJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: pla.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: pdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: tdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: wevtapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pla.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: tdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: wevtapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pla.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: tdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: wevtapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: msftedit.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: comsvcs.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmlua.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pla.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: pdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: tdh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: wevtapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: shdocvw.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: ilcvp.5.drLNK file: ..\..\Roaming\UpdateChrome_Ze\pyexec.exe
                  Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Windows\SysWOW64\msftedit.dllJump to behavior
                  Source: ATLEQQXO.exeStatic file information: File size 5343929 > 1048576
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeFile opened: C:\Users\user\AppData\Local\Temp\msvcr90.dllJump to behavior
                  Source: Binary string: msvcr90.i386.pdb source: ATLEQQXO.exe, 00000000.00000003.2148687754.0000000002685000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdb source: uzfvalidate.exe
                  Source: Binary string: wntdll.pdbUGP source: pyexec.exe, 00000002.00000002.2251794117.0000000003944000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2251928379.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406955370.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2407134268.0000000003FA4000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406804006.0000000003896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2715073644.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714587569.00000000046AB000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2765139868.0000000003F25000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764807863.0000000003817000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764961106.0000000003B70000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: uzfvalidate.exe, 0000000C.00000002.3955179271.0000000004514000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956350132.0000000005311000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958717549.0000000006918000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956712216.0000000005715000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955347900.000000000471D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956896823.0000000005914000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957084251.0000000005B15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955676881.0000000004B16000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958015525.0000000006316000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954448719.0000000003D17000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3953379376.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955014602.0000000004310000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3958349558.000000000651D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959069559.0000000006D1D000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3952836267.0000000002261000.00000004.00000020.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957273721.0000000005D19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3959248011.0000000006F12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955514590.0000000004919000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 
0000000C.00000002.3954278784.0000000003B12000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3955861780.0000000004D15000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956023686.0000000004F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956185194.000000000511F000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957693856.0000000006112000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954612254.0000000003F1A000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3957454005.0000000005F19000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3954840781.000000000411E000.00000004.00000001.00020000.00000000.sdmp, uzfvalidate.exe, 0000000C.00000002.3956522843.000000000551D000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: pyexec.exe, 00000002.00000002.2251794117.0000000003944000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2251928379.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406955370.0000000003BF0000.00000004.00000800.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2407134268.0000000003FA4000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406804006.0000000003896000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2715073644.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714587569.00000000046AB000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2765139868.0000000003F25000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764807863.0000000003817000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 0000000B.00000002.2764961106.0000000003B70000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\build27\cpython\PCBuild\python27.pdb source: ATLEQQXO.exe, 00000000.00000003.2148687754.000000000271E000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000002.00000003.2248366864.000000000405D000.00000004.00000001.00020000.00000000.sdmp, pyexec.exe, 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp, pyexec.exe, 00000003.00000002.2407926903.000000006C0DA000.00000002.00000001.01000000.00000009.sdmp, pyexec.exe, 0000000B.00000002.2766016565.000000006CF4A000.00000002.00000001.01000000.00000009.sdmp
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Code function: 0_2_00406D5D LoadLibraryA,GetProcAddress,GetModuleHandleW,GetWindow,GetWindow,LoadIconW,GetWindow,0_2_00406D5D
                  Source: liuhw.19.dr Static PE information: real checksum: 0x27642f should be: 0x27b597
                  Source: pyexec.exe.2.dr Static PE information: real checksum: 0x7592 should be: 0x73ad
                  Source: python27.dll.2.dr Static PE information: real checksum: 0x29675c should be: 0x28d381
                  Source: pyexec.exe.0.dr Static PE information: real checksum: 0x7592 should be: 0x73ad
                  Source: python27.dll.0.dr Static PE information: real checksum: 0x29675c should be: 0x28d381
                  Source: ATLEQQXO.exe Static PE information: real checksum: 0x33302 should be: 0x51ac35
                  Source: gwioita.5.dr Static PE information: real checksum: 0x27642f should be: 0x27b597
                  Source: uzfvalidate.exe.5.dr Static PE information: section name: Shared
                  Source: gwioita.5.dr Static PE information: section name: .xdata
                  Source: gwioita.5.dr Static PE information: section name: aeeh
                  Source: liuhw.19.dr Static PE information: section name: .xdata
                  Source: liuhw.19.dr Static PE information: section name: aeeh
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Code function: 0_2_00411C20 push eax; ret 0_2_00411C4E
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_00402F71 push ecx; ret 2_2_00402F84
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB3C88 push ss; retf 2_2_6CCB3C89
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB5988 push edx; retf 2_2_6CCB598A
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB5980 push ecx; retf 2_2_6CCB5982
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB597C push ecx; retf 2_2_6CCB597E
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB5938 push ebp; retf 2_2_6CCB593A
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB5930 push 00000047h; retf 2_2_6CCB5932
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCB5934 push ebx; retf 2_2_6CCB5936
                  Source: msvcr90.dll.0.dr Static PE information: section name: .text entropy: 6.9217598022130655
                  Source: msvcr90.dll.2.dr Static PE information: section name: .text entropy: 6.9217598022130655
                  Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\gwioita
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe File created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\python27.dll
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe File created: C:\Users\user\AppData\Local\Temp\msvcr90.dll
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe File created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\msvcr90.dll
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe File created: C:\Users\user\AppData\Local\Temp\python27.dll
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe File created: C:\Users\user\AppData\Local\Temp\pyexec.exe
                  Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\liuhw
                  Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe File created: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\GWIOITA
                  Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\LIUHW
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe API/Special instruction interceptor: Address: 6C2B7C44
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe API/Special instruction interceptor: Address: 6D0A7C44
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe API/Special instruction interceptor: Address: 6D0A7945
                  Source: C:\Windows\SysWOW64\cmd.exe API/Special instruction interceptor: Address: 6D0A3B54
                  Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gwioita
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\python27.dll
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\msvcr90.dll
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\msvcr90.dll
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\python27.dll
                  Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\liuhw
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe API coverage: 0.8 %
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe API coverage: 0.5 %
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe TID: 4436 Thread sleep time: -60000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe TID: 4436 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe TID: 1056 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Code function: 0_2_0040301A GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,0_2_0040301A
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Code function: 0_2_00402B79 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00402B79
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                  Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: noreply@vmware.com0
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0
                  Source: ATLEQQXO.exe, 00000000.00000002.2253004066.0000000000660000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1!0
                  Source: uzfvalidate.exe, 0000000C.00000002.3952382284.000000000059E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCCF
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0/
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1
                  Source: uzfvalidate.exe, 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.0
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_004030A8 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_004030A8
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Code function: 0_2_00406D5D LoadLibraryA,GetProcAddress,GetModuleHandleW,GetWindow,GetWindow,LoadIconW,GetWindow,0_2_00406D5D
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CCA11D7 mov eax, dword ptr fs:[00000030h] 2_2_6CCA11D7
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe Code function: 3_2_6BF911D7 mov eax, dword ptr fs:[00000030h] 3_2_6BF911D7
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_004022C0 free,free,VirtualFree,free,GetProcessHeap,HeapFree,2_2_004022C0
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_00402CAD SetUnhandledExceptionFilter,2_2_00402CAD
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exe Code function: 2_2_6CDE8908 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,2_2_6CDE8908
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe Code function: 3_2_6C0D8908 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_6C0D8908

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                  Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe protection: read write
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe base: 14011BC08
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe base: 2AA010
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe base: 2D2010
                  Source: C:\Users\user\Desktop\ATLEQQXO.exe Process created: C:\Users\user\AppData\Local\Temp\pyexec.exe "C:\Users\user\AppData\Local\Temp\pyexec.exe"
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe C:\Users\user\AppData\Local\Temp\uzfvalidate.exeJump to behavior
                  Source: pyexec.exe, 00000002.00000002.2251377392.000000000330F000.00000004.00000020.00020000.00000000.sdmp, pyexec.exe, 00000003.00000002.2406444723.0000000003360000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_0040D72E cpuid 0_2_0040D72E
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,0_2_00401F9D
                  Source: C:\Users\user\AppData\Local\Temp\pyexec.exeCode function: GetACP,PyOS_snprintf,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_Py_NoneStruct,Py_BuildValue,2_2_6CCAFDD0
                  Source: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exeCode function: GetACP,PyOS_snprintf,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_Py_NoneStruct,Py_BuildValue,3_2_6BF9FDD0
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_00401626 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00401626
                  Source: C:\Users\user\Desktop\ATLEQQXO.exeCode function: 0_2_00404FAA GetVersionExW,GetCommandLineW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,memset,ShellExecuteExW,WaitForSingleObject,CloseHandle,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,0_2_00404FAA
                  Source: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 11 DLL Side-Loading | 212 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Virtualization/Sandbox Evasion | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 DLL Side-Loading | 212 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 145 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  [Behavior graph: ID 1577351; Sample: ATLEQQXO.exe; Start date: 18/12/2024; Architecture: WINDOWS; Score: 92]

                  Source | Detection | Scanner | Label | Link
                  ATLEQQXO.exe | 63% | ReversingLabs | Win32.Downloader.Rugmi
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\liuhw | 100% | Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\gwioita | 100% | Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\msvcr90.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\pyexec.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\python27.dll | 4% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\uzfvalidate.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Roaming\UpdateChrome_Ze\msvcr90.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Roaming\UpdateChrome_Ze\python27.dll | 4% | ReversingLabs
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  https://amenstilo.website/p | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/l | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/0 | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/ | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/4 | 0% | Avira URL Cloud | safe
                  https://amenstilo.website:443H | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/8 | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/h | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/d | 0% | Avira URL Cloud | safe
                  https://amenstilo.website/Don_Edwards?atyh7eeqttnb3s=fQ7RLJljbyh%2BwDv7gAgqxsUgC17NXOOzLhsEZLteSFedN | 0% | Avira URL Cloud | safe
                  https://amenstilo.website:443e | 0% | Avira URL Cloud | safe
                  https://amenstilo.website:443/Don_Edwards?atyh7eeqttnb3s=fQ7RLJljbyh%2BwDv7gAgqxsUgC17NXOOzLhsEZLteS | 0% | Avira URL Cloud | safe
                  https://amenstilo.website:443 | 0% | Avira URL Cloud | safe
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  amenstilo.website | unknown | unknown | false | | unknown
                                                                      No contacted IP infos
                  Joe Sandbox version: 41.0.0 Charoite
                  Analysis ID: 1577351
                  Start date and time: 2024-12-18 12:33:28 +01:00
                  Joe Sandbox product: CloudBasic
                  Overall analysis duration: 0h 9m 52s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Cookbook file name: default.jbs
                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Run name: Run with higher sleep bypass
                  Number of analysed new started processes analysed: 21
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 1
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Sample name: ATLEQQXO.exe
                  Detection: MAL
                  Classification: mal92.expl.evad.winEXE@20/17@12/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 94%
                                                                      • Number of executed functions: 43
                                                                      • Number of non-executed functions: 433
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
                                                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • VT rate limit hit for: ATLEQQXO.exe
Time | Type | Description
12:34:59 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\securityStream.lnk
                                                                      No context
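Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\msvcr90.dll | IMAKBWPY.exe | malicious | LummaC
C:\Users\user\AppData\Local\Temp\msvcr90.dll | JIKJCBEX.exe | malicious | LummaC
C:\Users\user\AppData\Local\Temp\msvcr90.dll | InvoiceNr274728.pdf.lnk | malicious | LummaC
C:\Users\user\AppData\Local\Temp\msvcr90.dll | KlarnaInvoice229837.pdf.lnk | malicious | LummaC
C:\Users\user\AppData\Local\Temp\msvcr90.dll | upgrade.hta | malicious | DarkVision Rat
C:\Users\user\AppData\Local\Temp\msvcr90.dll | file.ps1 | malicious | LummaC Stealer
C:\Users\user\AppData\Local\Temp\msvcr90.dll | bUAmCazc.ps1 | malicious | LummaC Stealer
C:\Users\user\AppData\Local\Temp\msvcr90.dll | KBKHHYI29L.msi | malicious | Amadey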
                                                                                      Process:C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):5677106
                                                                                      Entropy (8bit):7.716174664015882
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:nECe9cS0p7iXPimqed4cz7/JXHGgaBJV5kU69UbbEZwmLwePPdIsl6GRLUYf1V8B:wXKmpfJWgaV5krmIpdAGR38ZBAvqX
                                                                                      MD5:05B48E36C05B055B4F25EA517D5A88DC
                                                                                      SHA1:09616BC66B044B14A9106535C24E78A597ABD11E
                                                                                      SHA-256:6B067E378DF36E15E00B97D825AED8ECFB25FBE14390692BE838F982B71379F1
                                                                                      SHA-512:14DCAB6A88CB64D8E5AF406073341FE12E921B2060026707D516EF214DE6E6DFF578F3B18133775CC51CF985EF09DC3C5A8822A01F66D38C0F174891F2403713
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):5677106
                                                                                      Entropy (8bit):7.716174655781396
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:pECe9cS0p7iXPimqed4cz7/JXHGgaBJV5kU69UbbEZwmLwePPdIsl6GRLUYf1V8B:WXKmpfJWgaV5krmIpdAGR38ZBAvqX
                                                                                      MD5:C48B952C2A1A87E228A6B659C6A99E9B
                                                                                      SHA1:FA4C10991469BADB38CFD4C358BF9CC8F53A17C4
                                                                                      SHA-256:8EBE03B911C14705E452C0ACAEE14A1755BA09B1F49ABED7162B981EC9E20566
                                                                                      SHA-512:31DF57A23CCDAF82EEF38AAB8EA18DA5D80C64F64618538D078B5F557307CE695BC592AB3CC397F1260AB46D72FDBCF4A51D3CC8227E853420AEF84327596E73
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):5677106
                                                                                      Entropy (8bit):7.716174998417401
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:tECe9cS0p7iXPimqed4cz7/JXHGgaBJV5kU69UbbEZwmLwePPdIsl6GRLUYf1V8B:SXKmpfJWgaV5krmIpdAGR38ZBAvqX
                                                                                      MD5:0A01FDFFDB625A553B764979E8C70037
                                                                                      SHA1:16B01DF8D1A476363D2A21D65A08C6B5F178ABD0
                                                                                      SHA-256:98436E63AF4D79D20C60B27E9003F4BD0E6AB684EFA6CF134613AC3EDC7E8450
                                                                                      SHA-512:5CA95D1B93AA393E9D8289C850B01BCE19E0D7F64FF2367100A8C26627B0C1516F8F455CA2E8FDF88A650C3A0951D601982AEB4E9068849B678DF85AE3A543BB
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2579968
                                                                                      Entropy (8bit):6.722728630171241
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:pookIXWltlwsBd1wro7OgLDWBywkLxvMvQUaAhpC9IOgUAowCGMVhJzb6nbYNvGS:CZIWd1AsDfxvMxLeIgAovGN
                                                                                      MD5:AC488933942940D2BCC094C91713D753
                                                                                      SHA1:6C23FEAD9F7AB573C0991B204E28A13A8438030A
                                                                                      SHA-256:B9BE720C5EFAA06F1C53A2F4F99AAF4FCF43098DE40F6957339AB2938A7B6970
                                                                                      SHA-512:25FEBF0EBE3DE89EB3269974BDD6801925142EC512460DDF2B279212C74CBD93D08408EE9F035F0FB777BC78CB8612AD7E071FD53A5B0A3215F85E3FC2CB6591
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......Y..................$..B'..b..W..........@.............................@....../d'...`... ...............................................-.........8.....&..j..........................................@.&.(...................(.-..............................text...H.$.......$.................`..`.data.........$.......$.............@....rdata..H.....%.......%.............@..@.pdata...j....&..l...x&.............@..@.xdata...Q....'..R....&.............@..@.bss.... a...`'..........................idata........-......6'.............@....CRT....0.....-......<'.............@....tls..........-......>'.............@....rsrc...8............@'.............@..@.reloc...............B'.............@..Baeeh..... ... .......F'.............@...................................................................................................................................
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Dec 18 10:34:31 2024, mtime=Wed Dec 18 10:34:31 2024, atime=Tue Nov 26 04:08:50 2024, length=29152, window=hide
                                                                                      Category:dropped
                                                                                      Size (bytes):912
                                                                                      Entropy (8bit):4.961086949197238
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:8rHv16o41wpnu8Chy2lXIsY//MdLs6TGkp6EsnAKG+gYjAw+H9cZWJAsUh/pmV:8rH8CDWlXU4DVp6b88AwUcUQhm
                                                                                      MD5:2B9DFF4044DEDC3B74502FFC072326C7
                                                                                      SHA1:6D92D72360815E63DE7BEA52C54EF211ACB936C0
                                                                                      SHA-256:AA800B1B67CC39FBC330B888788F29F90855626BEF9C122176D1FD3EDD1B08A5
                                                                                      SHA-512:5B710AAC34B8392D45B92BE6A51859015371D8669488BF525A1C7A2A3D70E8B8CD82B306BDD0EBB28E573EEC87426B70797DEF069E812F127B2785DDD64CAEEB
                                                                                      Malicious:false
                                                                                      Preview:L..................F.... .......@Q....".@Q....G.?...q........................:..DG..Yr?.D..U..k0.&...&.......$..S.......@Q......@Q......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.YI\...........................^.A.p.p.D.a.t.a...B.V.1......YP\..Roaming.@......EW<2.YR\..../.......................g.R.o.a.m.i.n.g.....h.1......YP\..UPDATE~1..P......YP\.YR\....-.....................0.T.U.p.d.a.t.e.C.h.r.o.m.e._.Z.e.....`.2..q..zY.) .pyexec.exe..F......YP\.YP\....0.........................p.y.e.x.e.c...e.x.e.......k...............-.......j..............a.....C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe..(.....\.....\.R.o.a.m.i.n.g.\.U.p.d.a.t.e.C.h.r.o.m.e._.Z.e.\.p.y.e.x.e.c...e.x.e.`.......X.......305090...........hT..CrF.f4... .|&..Jc...-...-$..hT..CrF.f4... .|&..Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                      Process:C:\Users\user\Desktop\ATLEQQXO.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4543241
                                                                                      Entropy (8bit):7.953577593572823
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:1qhKbkLC48QfYKC+rSB0gBSr1n8admb5diF+8jqvZh9TCru2:9YLC48zCSB0gBSUq+82vZhNU
                                                                                      MD5:CAB0057CFD10E7AEF479B8AED8B4357C
                                                                                      SHA1:C798E4520B3D3BBC9DC34C92AEEABADDC7CAAB23
                                                                                      SHA-256:B0518F06E336D48F65A4AE9109D384815517308C7A687E9FF8D28858FDFF21C3
                                                                                      SHA-512:1D6A8C2D158CF931757F6632CD3E4352F598EE180FB39B9DEFDFEBE19CFFCD1312A28686BC2281FE42CDFFD649A1B392C53AADC4798FF67BC52BE829D3F4512B
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2579968
                                                                                      Entropy (8bit):6.722728630171241
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:pookIXWltlwsBd1wro7OgLDWBywkLxvMvQUaAhpC9IOgUAowCGMVhJzb6nbYNvGS:CZIWd1AsDfxvMxLeIgAovGN
                                                                                      MD5:AC488933942940D2BCC094C91713D753
                                                                                      SHA1:6C23FEAD9F7AB573C0991B204E28A13A8438030A
                                                                                      SHA-256:B9BE720C5EFAA06F1C53A2F4F99AAF4FCF43098DE40F6957339AB2938A7B6970
                                                                                      SHA-512:25FEBF0EBE3DE89EB3269974BDD6801925142EC512460DDF2B279212C74CBD93D08408EE9F035F0FB777BC78CB8612AD7E071FD53A5B0A3215F85E3FC2CB6591
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......Y..................$..B'..b..W..........@.............................@....../d'...`... ...............................................-.........8.....&..j..........................................@.&.(...................(.-..............................text...H.$.......$.................`..`.data.........$.......$.............@....rdata..H.....%.......%.............@..@.pdata...j....&..l...x&.............@..@.xdata...Q....'..R....&.............@..@.bss.... a...`'..........................idata........-......6'.............@....CRT....0.....-......<'.............@....tls..........-......>'.............@....rsrc...8............@'.............@..@.reloc...............B'.............@..Baeeh..... ... .......F'.............@...................................................................................................................................
                                                                                      Process:C:\Users\user\Desktop\ATLEQQXO.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):653952
                                                                                      Entropy (8bit):6.885961951552677
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
                                                                                      MD5:11D49148A302DE4104DED6A92B78B0ED
                                                                                      SHA1:FD58A091B39ED52611ADE20A782EF58AC33012AF
                                                                                      SHA-256:CEB0947D898BC2A55A50F092F5ED3F7BE64AC1CD4661022EEFD3EDD4029213B0
                                                                                      SHA-512:FDC43B3EE38F7BEB2375C953A29DB8BCF66B73B78CCC04B147E26108F3B650C0A431B276853BB8E08167D34A8CC9C6B7918DAEF9EBC0A4833B1534C5AFAC75E4
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: IMAKBWPY.exe, Detection: malicious, Browse
                                                                                      • Filename: JIKJCBEX.exe, Detection: malicious, Browse
                                                                                      • Filename: InvoiceNr274728.pdf.lnk, Detection: malicious, Browse
                                                                                      • Filename: KlarnaInvoice229837.pdf.lnk, Detection: malicious, Browse
                                                                                      • Filename: upgrade.hta, Detection: malicious, Browse
                                                                                      • Filename: file.ps1, Detection: malicious, Browse
                                                                                      • Filename: bUAmCazc.ps1, Detection: malicious, Browse
                                                                                      • Filename: KBKHHYI29L.msi, Detection: malicious, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................6.........!.R...7.....&.....0.....6.....3...Rich..........PE..L.....i[...........!.....\..........@-.......p....Rx.........................0......?T....@..............................|..P...(................................3......................................@............................................text...t[.......\.................. ..`.data....g...p...D...`..............@....rsrc...............................@..@.reloc...7.......8..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\Desktop\ATLEQQXO.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):19176
                                                                                      Entropy (8bit):5.5744691419553645
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:K2sgh5cTvSSX02b2DjahnzDqzp8EhFzyTRjnB5iwUQMkye/EXlVl+F/2:fP5cTqsxrz62yzWGwjMwO2E
                                                                                      MD5:1B460253D49274B10FBB004DFB9747FC
                                                                                      SHA1:E7EEB198A3BFD9E5977ECA69940754AA6D065EE0
                                                                                      SHA-256:EA375E1438BE7CBD7841956E11C8B5749BEA413FD9D6B8044C2204E8E7C2E209
                                                                                      SHA-512:2D3F22B67B702C68491AA8B66081BF02BA6E94DC4CFB352A41810C479807B149F4BD698ABBCC1E41287640C0376AD099E932BCFDB6790C7F099F67625A77C390
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\Desktop\ATLEQQXO.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):29152
                                                                                      Entropy (8bit):6.656857622778623
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:+yq82Ud7/zfkn8I+ilpd4TILqIgXYoBCH/3hprl:Zq824LfMV4TqqIgXYoBCH/3hpB
                                                                                      MD5:B6F6C3C38568EE26F1AC70411A822405
                                                                                      SHA1:5B94D0ADAC4DF2D7179C378750C4E3417231125F
                                                                                      SHA-256:A73454C7FAD23A80A3F6540AFDB64FC334980A11402569F1986AA39995AE496D
                                                                                      SHA-512:5C0A5E9A623A942AFF9D58D6E7A23B7D2BBA6A4155824AA8BB94DBD069A8C15C00DF48F12224622EFCD5042B6847C8FB476C43390E9E576C42EFC22E3C02A122
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\Desktop\ATLEQQXO.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2649600
                                                                                      Entropy (8bit):6.720266712937156
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:xDd0krhjbVYU9U/ElyrLKlvGBO58GBjc9nYM6JBe4PjnhMsQHNClhIdYTf2O+yXW:ckrRyylvGB65KNCMghMtHIledkpyy
                                                                                      MD5:97BA4F023EEF94417ADCB77B044830C4
                                                                                      SHA1:D071A2C68256A36A1C2504D6C931CED63D676C4F
                                                                                      SHA-256:357AEDC478D8C1C6E85874C25A6A76B3801413FD71AAA641B31905E19B6CC7BD
                                                                                      SHA-512:3A165EECBBEE200F67476709E453254FCB131441F4A1737B820826FCB6FEAD4F3A8BDBF4C6BD8A22E81DEE3B7E8B8DE548F655C2E30C2E3568EF68625CD05365
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2364728
                                                                                      Entropy (8bit):6.606009669324617
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                                      MD5:967F4470627F823F4D7981E511C9824F
                                                                                      SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                                      SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                                      SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Temp\pyexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4543241
                                                                                      Entropy (8bit):7.953577593572823
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:1qhKbkLC48QfYKC+rSB0gBSr1n8admb5diF+8jqvZh9TCru2:9YLC48zCSB0gBSUq+82vZhNU
                                                                                      MD5:CAB0057CFD10E7AEF479B8AED8B4357C
                                                                                      SHA1:C798E4520B3D3BBC9DC34C92AEEABADDC7CAAB23
                                                                                      SHA-256:B0518F06E336D48F65A4AE9109D384815517308C7A687E9FF8D28858FDFF21C3
                                                                                      SHA-512:1D6A8C2D158CF931757F6632CD3E4352F598EE180FB39B9DEFDFEBE19CFFCD1312A28686BC2281FE42CDFFD649A1B392C53AADC4798FF67BC52BE829D3F4512B
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Local\Temp\pyexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):653952
                                                                                      Entropy (8bit):6.885961951552677
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
                                                                                      MD5:11D49148A302DE4104DED6A92B78B0ED
                                                                                      SHA1:FD58A091B39ED52611ADE20A782EF58AC33012AF
                                                                                      SHA-256:CEB0947D898BC2A55A50F092F5ED3F7BE64AC1CD4661022EEFD3EDD4029213B0
                                                                                      SHA-512:FDC43B3EE38F7BEB2375C953A29DB8BCF66B73B78CCC04B147E26108F3B650C0A431B276853BB8E08167D34A8CC9C6B7918DAEF9EBC0A4833B1534C5AFAC75E4
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Temp\pyexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):19176
                                                                                      Entropy (8bit):5.5744691419553645
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:K2sgh5cTvSSX02b2DjahnzDqzp8EhFzyTRjnB5iwUQMkye/EXlVl+F/2:fP5cTqsxrz62yzWGwjMwO2E
                                                                                      MD5:1B460253D49274B10FBB004DFB9747FC
                                                                                      SHA1:E7EEB198A3BFD9E5977ECA69940754AA6D065EE0
                                                                                      SHA-256:EA375E1438BE7CBD7841956E11C8B5749BEA413FD9D6B8044C2204E8E7C2E209
                                                                                      SHA-512:2D3F22B67B702C68491AA8B66081BF02BA6E94DC4CFB352A41810C479807B149F4BD698ABBCC1E41287640C0376AD099E932BCFDB6790C7F099F67625A77C390
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Local\Temp\pyexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):29152
                                                                                      Entropy (8bit):6.656857622778623
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:+yq82Ud7/zfkn8I+ilpd4TILqIgXYoBCH/3hprl:Zq824LfMV4TqqIgXYoBCH/3hpB
                                                                                      MD5:B6F6C3C38568EE26F1AC70411A822405
                                                                                      SHA1:5B94D0ADAC4DF2D7179C378750C4E3417231125F
                                                                                      SHA-256:A73454C7FAD23A80A3F6540AFDB64FC334980A11402569F1986AA39995AE496D
                                                                                      SHA-512:5C0A5E9A623A942AFF9D58D6E7A23B7D2BBA6A4155824AA8BB94DBD069A8C15C00DF48F12224622EFCD5042B6847C8FB476C43390E9E576C42EFC22E3C02A122
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Temp\pyexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2649600
                                                                                      Entropy (8bit):6.720266712937156
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:xDd0krhjbVYU9U/ElyrLKlvGBO58GBjc9nYM6JBe4PjnhMsQHNClhIdYTf2O+yXW:ckrRyylvGB65KNCMghMtHIledkpyy
                                                                                      MD5:97BA4F023EEF94417ADCB77B044830C4
                                                                                      SHA1:D071A2C68256A36A1C2504D6C931CED63D676C4F
                                                                                      SHA-256:357AEDC478D8C1C6E85874C25A6A76B3801413FD71AAA641B31905E19B6CC7BD
                                                                                      SHA-512:3A165EECBBEE200F67476709E453254FCB131441F4A1737B820826FCB6FEAD4F3A8BDBF4C6BD8A22E81DEE3B7E8B8DE548F655C2E30C2E3568EF68625CD05365
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.990191545976132
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:ATLEQQXO.exe
                                                                                      File size:5'343'929 bytes
                                                                                      MD5:2fd56c681ad71cfb61512d85213397fa
                                                                                      SHA1:d8f6d6bda59e00a56da58d596d427e834a551f36
                                                                                      SHA256:ae52eea09c54ce2122a585dab0231555763f5be6e90b1e63b5886cf4116ea68d
                                                                                      SHA512:0e4b25832c2385330c50cb1208f45a9005da3857c99fc7324a2d90ccd042cb93b9dc8133ab9401e89b17497841f9c5cdce679c8b5eea6a3526b978ce0bcbfaa7
                                                                                      SSDEEP:98304:+p413kko9DUTkEywOQPr/uvIfH3vy8iYqLlaSZihAu0Cw2ZAuZfFuqdN:+p4t5iSOU0uiYrSZihAu0MZRTdN
                                                                                      TLSH:43363300B78768F1C9A19E717E4DC767537AEBA917015F5343AA6C292ED31E00B0B2DB
                                                                                      Icon Hash:d292fcd8f2f2fe1c
                                                                                      Entrypoint:0x411def
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:
                                                                                      Time Stamp:0x4C26F87E [Sun Jun 27 07:06:38 2010 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:b5a014d7eeb4c2042897567e1288a095
                                                                                      Instruction
                                                                                      push ebp
                                                                                      mov ebp, esp
                                                                                      push FFFFFFFFh
                                                                                      push 00414C50h
                                                                                      push 00411F80h
                                                                                      mov eax, dword ptr fs:[00000000h]
                                                                                      push eax
                                                                                      mov dword ptr fs:[00000000h], esp
                                                                                      sub esp, 68h
                                                                                      push ebx
                                                                                      push esi
                                                                                      push edi
                                                                                      mov dword ptr [ebp-18h], esp
                                                                                      xor ebx, ebx
                                                                                      mov dword ptr [ebp-04h], ebx
                                                                                      push 00000002h
                                                                                      call dword ptr [00413184h]
                                                                                      pop ecx
                                                                                      or dword ptr [00419924h], FFFFFFFFh
                                                                                      or dword ptr [00419928h], FFFFFFFFh
                                                                                      call dword ptr [00413188h]
                                                                                      mov ecx, dword ptr [0041791Ch]
                                                                                      mov dword ptr [eax], ecx
                                                                                      call dword ptr [0041318Ch]
                                                                                      mov ecx, dword ptr [00417918h]
                                                                                      mov dword ptr [eax], ecx
                                                                                      mov eax, dword ptr [00413190h]
                                                                                      mov eax, dword ptr [eax]
                                                                                      mov dword ptr [00419920h], eax
                                                                                      call 00007F5548F70162h
                                                                                      cmp dword ptr [00417710h], ebx
                                                                                      jne 00007F5548F7004Eh
                                                                                      push 00411F78h
                                                                                      call dword ptr [00413194h]
                                                                                      pop ecx
                                                                                      call 00007F5548F70134h
                                                                                      push 00417048h
                                                                                      push 00417044h
                                                                                      call 00007F5548F7011Fh
                                                                                      mov eax, dword ptr [00417914h]
                                                                                      mov dword ptr [ebp-6Ch], eax
                                                                                      lea eax, dword ptr [ebp-6Ch]
                                                                                      push eax
                                                                                      push dword ptr [00417910h]
                                                                                      lea eax, dword ptr [ebp-64h]
                                                                                      push eax
                                                                                      lea eax, dword ptr [ebp-70h]
                                                                                      push eax
                                                                                      lea eax, dword ptr [ebp-60h]
                                                                                      push eax
                                                                                      call dword ptr [0041319Ch]
                                                                                      push 00417040h
                                                                                      push 00417000h
                                                                                      call 00007F5548F700ECh

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x150dc | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a000 | 0x18d04 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x13000 | 0x310 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x11317 | 0x11400 | 797279c5ab1a163aed1f2a528f9fe3ce | False | 0.6174988677536232 | data | 6.576987441854239 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x13000 | 0x30ea | 0x3200 | 1359639b02bcb8f0a8743e6ead1c0030 | False | 0.43828125 | data | 5.549434098115495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x17000 | 0x292c | 0x800 | 9415c9c8dea3245d6d73c23393e27d8e | False | 0.431640625 | data | 3.6583182363171756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x1a000 | 0x18d04 | 0x18e00 | 9dee09854e79aa987e5336a4defda540 | False | 0.2433358197236181 | data | 5.382874846103129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1a1f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Russian | Russia | 0.6781914893617021 |
| RT_ICON | 0x1a658 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Russian | Russia | 0.47068480300187615 |
| RT_ICON | 0x1b700 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Russian | Russia | 0.41161825726141077 |
| RT_ICON | 0x1dca8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Russian | Russia | 0.3213863958431743 |
| RT_ICON | 0x21ed0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Russian | Russia | 0.1865609842659411 |
| RT_GROUP_ICON | 0x326f8 | 0x4c | data | Russian | Russia | 0.7763157894736842 |
| RT_VERSION | 0x32744 | 0x350 | data | English | United States | 0.47523584905660377 |
| RT_MANIFEST | 0x32a94 | 0x270 | ASCII text, with very long lines (624), with no line terminators | English | United States | 0.5144230769230769 |

| DLL | Import |
|---|---|
| COMCTL32.dll | |
| KERNEL32.dll | GetFileAttributesW, CreateDirectoryW, WriteFile, GetStdHandle, VirtualFree, GetModuleHandleW, GetProcAddress, LoadLibraryA, LockResource, LoadResource, SizeofResource, FindResourceExA, MulDiv, GlobalFree, GlobalAlloc, lstrcmpiA, GetSystemDefaultLCID, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, MultiByteToWideChar, GetLocaleInfoW, lstrlenA, lstrcmpiW, GetEnvironmentVariableW, lstrcmpW, GlobalMemoryStatusEx, VirtualAlloc, WideCharToMultiByte, ExpandEnvironmentStringsW, RemoveDirectoryW, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, SetThreadLocale, GetLocalTime, GetSystemTimeAsFileTime, lstrlenW, GetTempPathW, SetEnvironmentVariableW, CloseHandle, CreateFileW, GetDriveTypeW, SetCurrentDirectoryW, GetModuleFileNameW, GetCommandLineW, GetVersionExW, CreateEventW, SetEvent, ResetEvent, InitializeCriticalSection, TerminateThread, ResumeThread, SuspendThread, IsBadReadPtr, LocalFree, lstrcpyW, FormatMessageW, GetSystemDirectoryW, DeleteCriticalSection, GetFileSize, SetFilePointer, ReadFile, SetFileTime, SetEndOfFile, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, GetModuleHandleA, SystemTimeToFileTime, GetLastError, CreateThread, WaitForSingleObject, GetExitCodeThread, Sleep, SetLastError, SetFileAttributesW, GetDiskFreeSpaceExW, lstrcatW, ExitProcess, CompareFileTime, GetStartupInfoA |
| USER32.dll | CharUpperW, EndDialog, DestroyWindow, KillTimer, ReleaseDC, DispatchMessageW, GetMessageW, SetTimer, CreateWindowExW, ScreenToClient, GetWindowRect, wsprintfW, GetParent, GetSystemMenu, EnableMenuItem, EnableWindow, MessageBeep, LoadIconW, LoadImageW, wvsprintfW, IsWindow, DefWindowProcW, CallWindowProcW, DrawIconEx, DialogBoxIndirectParamW, GetWindow, ClientToScreen, GetDC, DrawTextW, ShowWindow, SystemParametersInfoW, SetFocus, SetWindowLongW, GetSystemMetrics, GetClientRect, GetDlgItem, GetKeyState, MessageBoxA, wsprintfA, SetWindowTextW, GetSysColor, GetWindowTextLengthW, GetWindowTextW, GetClassNameA, GetWindowLongW, GetMenu, SetWindowPos, CopyImage, SendMessageW, GetWindowDC |
| GDI32.dll | GetCurrentObject, StretchBlt, SetStretchBltMode, CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, GetObjectW, GetDeviceCaps, DeleteObject, CreateFontIndirectW, DeleteDC |
| SHELL32.dll | SHGetFileInfoW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc, ShellExecuteExW, SHGetSpecialFolderPathW, ShellExecuteW |
| ole32.dll | CoInitialize, CreateStreamOnHGlobal, CoCreateInstance |
| OLEAUT32.dll | VariantClear, OleLoadPicture, SysAllocString |
| MSVCRT.dll | __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, _CxxThrowException, _beginthreadex, _EH_prolog, memset, _wcsnicmp, strncmp, malloc, memmove, _wtol, memcpy, free, memcmp, _purecall, ??2@YAPAXI@Z, ??3@YAXPAX@Z, _except_handler3, _controlfp |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Russian | Russia | |
| English | United States | |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 12:35:52.134259939 CET | 192.168.2.6 | 1.1.1.1 | 0xa40e | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:00.588160992 CET | 192.168.2.6 | 1.1.1.1 | 0xb5dd | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:09.028094053 CET | 192.168.2.6 | 1.1.1.1 | 0x84d8 | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:17.484767914 CET | 192.168.2.6 | 1.1.1.1 | 0x473e | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:25.959738016 CET | 192.168.2.6 | 1.1.1.1 | 0x4cc2 | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:34.496015072 CET | 192.168.2.6 | 1.1.1.1 | 0x5052 | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:42.387820005 CET | 192.168.2.6 | 1.1.1.1 | 0x8bd1 | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:50.834676027 CET | 192.168.2.6 | 1.1.1.1 | 0xf6f6 | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:59.284984112 CET | 192.168.2.6 | 1.1.1.1 | 0x65af | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:07.731343031 CET | 192.168.2.6 | 1.1.1.1 | 0x3bcc | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:16.188065052 CET | 192.168.2.6 | 1.1.1.1 | 0xc63e | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:24.619683027 CET | 192.168.2.6 | 1.1.1.1 | 0xdf | Standard query (0) | amenstilo.website | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 12:35:52.271795034 CET | 1.1.1.1 | 192.168.2.6 | 0xa40e | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:00.725092888 CET | 1.1.1.1 | 192.168.2.6 | 0xb5dd | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:09.166652918 CET | 1.1.1.1 | 192.168.2.6 | 0x84d8 | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:17.622982979 CET | 1.1.1.1 | 192.168.2.6 | 0x473e | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:26.097117901 CET | 1.1.1.1 | 192.168.2.6 | 0x4cc2 | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:34.634984970 CET | 1.1.1.1 | 192.168.2.6 | 0x5052 | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:42.524646997 CET | 1.1.1.1 | 192.168.2.6 | 0x8bd1 | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:50.973725080 CET | 1.1.1.1 | 192.168.2.6 | 0xf6f6 | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:36:59.422394037 CET | 1.1.1.1 | 192.168.2.6 | 0x65af | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:07.870738029 CET | 1.1.1.1 | 192.168.2.6 | 0x3bcc | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:16.325006008 CET | 1.1.1.1 | 192.168.2.6 | 0xc63e | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 12:37:24.757575989 CET | 1.1.1.1 | 192.168.2.6 | 0xdf | Name error (3) | amenstilo.website | none | none | A (IP address) | IN (0x0001) | false |


Target ID: 0
Start time: 06:34:20
Start date: 18/12/2024
Path: C:\Users\user\Desktop\ATLEQQXO.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\ATLEQQXO.exe"
Imagebase: 0x400000
File size: 5'343'929 bytes
MD5 hash: 2FD56C681AD71CFB61512D85213397FA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 06:34:21
Start date: 18/12/2024
Path: C:\Users\user\AppData\Local\Temp\pyexec.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\pyexec.exe"
Imagebase: 0x400000
File size: 29'152 bytes
MD5 hash: B6F6C3C38568EE26F1AC70411A822405
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000002.00000002.2251377392.0000000003555000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true

Target ID: 3
Start time: 06:34:31
Start date: 18/12/2024
Path: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
Imagebase: 0x400000
File size: 29'152 bytes
MD5 hash: B6F6C3C38568EE26F1AC70411A822405
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000003.00000002.2406444723.00000000035A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true

Target ID: 5
Start time: 06:34:41
Start date: 18/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\cmd.exe
Imagebase: 0x1c0000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2714724972.0000000004A57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: true

Target ID: 6
Start time: 06:34:41
Start date: 18/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 06:35:07
Start date: 18/12/2024
Path: C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe"
Imagebase: 0x400000
File size: 29'152 bytes
MD5 hash: B6F6C3C38568EE26F1AC70411A822405
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000B.00000002.2764382687.0000000003533000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: moderate
Has exited: true

Target ID: 12
Start time: 06:35:09
Start date: 18/12/2024
Path: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
Imagebase: 0x140000000
File size: 2'364'728 bytes
MD5 hash: 967F4470627F823F4D7981E511C9824F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000C.00000002.3953005344.00000000026AC000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true

                                                                                      Target ID:13
                                                                                      Start time:06:35:17
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                      Imagebase:0x1c0000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000D.00000002.2822716810.00000000029B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000D.00000002.2823008461.0000000004970000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:14
                                                                                      Start time:06:35:17
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff66e660000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:18
                                                                                      Start time:06:35:28
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\UpdateChrome_Ze\pyexec.exe"
                                                                                      Imagebase:0x400000
                                                                                      File size:29'152 bytes
                                                                                      MD5 hash:B6F6C3C38568EE26F1AC70411A822405
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000012.00000002.2981390523.00000000034D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:19
                                                                                      Start time:06:35:38
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                      Imagebase:0x7ff6ae840000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000013.00000002.3217827850.0000000005664000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Has exited:true

                                                                                      Target ID:20
                                                                                      Start time:06:35:38
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff66e660000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:21
                                                                                      Start time:06:36:00
                                                                                      Start date:18/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\uzfvalidate.exe
                                                                                      Imagebase:0x140000000
                                                                                      File size:2'364'728 bytes
                                                                                      MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000015.00000002.3996938900.000000000273A000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Has exited:false

                                                                                        Execution Graph

                                                                                        Execution Coverage:17.6%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:25.9%
                                                                                        Total number of Nodes:1474
                                                                                        Total number of Limit Nodes:20
401a85 9374->9819 9377 401f47 3 API calls 9376->9377 9378 404416 9377->9378 9379 401f9d 19 API calls 9378->9379 9380 40441d 9379->9380 9381 401f9d 19 API calls 9380->9381 9382 404429 9381->9382 9383 401f9d 19 API calls 9382->9383 9384 404435 9383->9384 9385 401f9d 19 API calls 9384->9385 9386 404441 9385->9386 9387 401f9d 19 API calls 9386->9387 9388 40444d 9387->9388 9389 401f9d 19 API calls 9388->9389 9390 404459 9389->9390 9391 401f9d 19 API calls 9390->9391 9392 404465 9391->9392 9393 404480 SHGetSpecialFolderPathW 9392->9393 9396 404533 #17 9392->9396 9397 401411 2 API calls 9392->9397 9398 401329 ??2@YAPAXI ??3@YAXPAX 9392->9398 9400 402f6c 7 API calls 9392->9400 9824 402425 ??3@YAXPAX ??3@YAXPAX 9392->9824 9393->9392 9394 40449a wsprintfW 9393->9394 9395 401411 2 API calls 9394->9395 9395->9392 9396->9064 9397->9392 9398->9392 9400->9392 9402 4022b0 2 API calls 9401->9402 9403 4025c2 9402->9403 9403->9107 9825 403e86 9404->9825 9406 404e56 9407 403e86 2 API calls 9406->9407 9408 404e65 9407->9408 9829 404343 9408->9829 9412 404e82 ??3@YAXPAX 9413 404343 3 API calls 9412->9413 9414 404e9d 9413->9414 9415 403ec1 2 API calls 9414->9415 9416 404ea8 ??3@YAXPAX wsprintfA 9415->9416 9845 403ef6 9416->9845 9418 404ed0 9419 403ef6 2 API calls 9418->9419 9420 404edb 9419->9420 9421 402844 9420->9421 9422 402851 9421->9422 9430 40dcfb 3 API calls 9422->9430 9423 402863 lstrlenA lstrlenA 9428 402890 9423->9428 9424 40296e 9424->9119 9424->9120 9425 40293b memmove 9425->9424 9425->9428 9426 4028db memcmp 9426->9424 9426->9428 9427 402918 memcmp 9427->9428 9428->9424 9428->9425 9428->9426 9428->9427 9431 40dcc7 GetLastError 9428->9431 9856 402640 9428->9856 9430->9423 9431->9428 9433 40243b lstrcmpW 9432->9433 9434 40461c 9433->9434 9435 40466c 9434->9435 9437 401329 2 API calls 9434->9437 9436 40243b lstrcmpW 9435->9436 9438 40468a 9436->9438 9439 404633 9437->9439 9442 40243b lstrcmpW 9438->9442 9440 401f9d 19 API calls 9439->9440 9441 40463a 9440->9441 9444 40254d 2 
API calls 9441->9444 9443 4046a2 9442->9443 9446 40243b lstrcmpW 9443->9446 9445 404643 9444->9445 9447 401329 2 API calls 9445->9447 9448 4046ba 9446->9448 9449 40465c 9447->9449 9451 40243b lstrcmpW 9448->9451 9450 401f9d 19 API calls 9449->9450 9452 404663 9450->9452 9453 4046d2 9451->9453 9454 40254d 2 API calls 9452->9454 9455 4046e9 9453->9455 9456 4046d9 lstrcmpiW 9453->9456 9454->9435 9457 40243b lstrcmpW 9455->9457 9456->9455 9458 4046ff 9457->9458 9459 40243b lstrcmpW 9458->9459 9460 40472c 9459->9460 9461 404739 9460->9461 9859 403d1f 9460->9859 9463 40243b lstrcmpW 9461->9463 9467 40474d 9463->9467 9464 40476d 9465 40243b lstrcmpW 9464->9465 9472 404780 9465->9472 9467->9464 9468 40243b lstrcmpW 9467->9468 9863 403cc6 9467->9863 9468->9467 9469 4047a0 9471 40243b lstrcmpW 9469->9471 9473 4047ac 9471->9473 9472->9469 9474 40243b lstrcmpW 9472->9474 9867 403cf7 9472->9867 9475 40243b lstrcmpW 9473->9475 9474->9472 9476 4047bd 9475->9476 9477 40243b lstrcmpW 9476->9477 9478 4047ce 9477->9478 9479 4047e4 9478->9479 9480 4047db _wtol 9478->9480 9481 40243b lstrcmpW 9479->9481 9480->9479 9482 4047f0 9481->9482 9483 404800 9482->9483 9484 4047f7 _wtol 9482->9484 9485 40243b lstrcmpW 9483->9485 9484->9483 9486 40480c 9485->9486 9487 40243b lstrcmpW 9486->9487 9488 404824 9487->9488 9489 40243b lstrcmpW 9488->9489 9490 40483c 9489->9490 9490->9176 9875 4023dd 9491->9875 9495 404045 9494->9495 9496 404088 9494->9496 9497 4012f7 2 API calls 9495->9497 9498 403b7f 19 API calls 9495->9498 9496->9159 9496->9160 9497->9495 9499 404062 SetEnvironmentVariableW ??3@YAXPAX 9498->9499 9499->9495 9499->9496 9501 40393b 7 API calls 9500->9501 9502 403b69 9501->9502 9503 4039f6 7 API calls 9502->9503 9504 403b74 9503->9504 9505 4027c7 6 API calls 9504->9505 9506 403b7a 9505->9506 9506->9180 9652 4083b6 9506->9652 9879 408676 9507->9879 9509 404a55 ??2@YAPAXI 9510 404a64 9509->9510 9524 40dcfb 3 API calls 9510->9524 9511 404a85 9881 40b2fc 9511->9881 9887 40a7de _EH_prolog 
9511->9887 9512 404a95 9513 404ab3 9512->9513 9514 404a99 9512->9514 9516 404ada ??2@YAPAXI 9513->9516 9519 403354 86 API calls 9513->9519 9515 407776 55 API calls 9514->9515 9523 404aa1 9515->9523 9517 404ae6 9516->9517 9518 404aed 9516->9518 9922 404292 9517->9922 9903 40150b 9518->9903 9521 404ac6 9519->9521 9521->9516 9521->9523 9523->9225 9524->9511 9528 402200 LoadLibraryA GetProcAddress 9527->9528 9529 4021fb 9527->9529 9530 40221b 9528->9530 9531 402223 9528->9531 9529->9323 9529->9328 9529->9329 9530->9529 9531->9530 10385 4021b9 LoadLibraryA GetProcAddress 9531->10385 9534 40661a 2 API calls 9533->9534 9535 4049af 9534->9535 9536 401f9d 19 API calls 9535->9536 9537 4049bd 9536->9537 9538 4024fc 2 API calls 9537->9538 9539 4049c7 9538->9539 9540 4049fd 9539->9540 9542 40254d ??2@YAPAXI ??3@YAXPAX 9539->9542 9541 40254d 2 API calls 9540->9541 9543 404a0a 9541->9543 9542->9539 9544 401f9d 19 API calls 9543->9544 9545 404a11 9544->9545 9546 40254d 2 API calls 9545->9546 9547 404a1b 9546->9547 9548 4073d1 21 API calls 9547->9548 9549 404a30 ??3@YAXPAX 9548->9549 9550 404a41 ctype 9549->9550 9550->9083 9552 40e8da ctype 3 API calls 9551->9552 9553 403e7e 9552->9553 9554 40e8da ctype 3 API calls 9553->9554 9555 40e943 ??3@YAXPAX 9554->9555 9555->9077 9557 40db53 2 API calls 9556->9557 9558 404ce8 9557->9558 9559 404d44 9558->9559 9561 4024fc 2 API calls 9558->9561 9560 4025ae 2 API calls 9559->9560 9562 404d4c 9560->9562 9563 404cf7 9561->9563 9564 403e86 2 API calls 9562->9564 9567 404db5 ??3@YAXPAX 9563->9567 9569 403354 86 API calls 9563->9569 9565 404d59 9564->9565 9566 403ef6 2 API calls 9565->9566 9568 404d66 9566->9568 9581 404db1 9567->9581 9570 403ef6 2 API calls 9568->9570 9571 404d1b 9569->9571 9572 404d73 9570->9572 9571->9567 9574 40db53 2 API calls 9571->9574 9573 403ef6 2 API calls 9572->9573 9575 404d80 9573->9575 9576 404d37 9574->9576 9577 40dd5f 2 API calls 9575->9577 9576->9567 9578 404d3b ??3@YAXPAX 9576->9578 9579 404d94 9577->9579 
9578->9559 9579->9567 9580 404d9d ??3@YAXPAX 9579->9580 9580->9581 9581->9142 9583 4025ae 2 API calls 9582->9583 9599 4030a8 9583->9599 9584 403301 9585 403344 ??3@YAXPAX 9584->9585 9586 40334e 9585->9586 9586->9128 9586->9135 9587 401411 ??2@YAPAXI ??3@YAXPAX 9587->9599 9589 40272e ??2@YAPAXI ??3@YAXPAX MultiByteToWideChar 9589->9599 9590 401362 2 API calls 9591 4030f3 ??3@YAXPAX ??3@YAXPAX 9590->9591 9592 403303 9591->9592 9591->9599 10393 4029c3 9592->10393 9596 40331c ??3@YAXPAX 9596->9586 9597 4031e5 strncmp 9598 4031d0 strncmp 9597->9598 9597->9599 9598->9597 9598->9599 9599->9584 9599->9587 9599->9589 9599->9590 9599->9592 9599->9597 9600 401362 2 API calls 9599->9600 9601 402640 2 API calls 9599->9601 9604 402640 ??2@YAPAXI ??3@YAXPAX 9599->9604 9606 4023dd lstrcmpW 9599->9606 9607 402f6c 7 API calls 9599->9607 9609 403330 9599->9609 9610 4032b2 lstrcmpW 9599->9610 9614 401329 2 API calls 9599->9614 10387 402986 9599->10387 10392 402425 ??3@YAXPAX ??3@YAXPAX 9599->10392 9602 403252 ??3@YAXPAX 9600->9602 9601->9598 9603 402a69 9 API calls 9602->9603 9605 403263 lstrcmpW 9603->9605 9604->9599 9605->9599 9606->9599 9607->9599 9612 402f6c 7 API calls 9609->9612 9610->9599 9611 4032c0 lstrcmpW 9610->9611 9611->9599 9613 40333c 9612->9613 10411 402425 ??3@YAXPAX ??3@YAXPAX 9613->10411 9614->9599 9617 402f86 9616->9617 9618 402f7b 9616->9618 9620 408761 4 API calls 9617->9620 10413 402668 9618->10413 9621 402f92 9620->9621 9621->9132 9622->9132 9624 4024fc 2 API calls 9623->9624 9625 40485f 9624->9625 9626 40254d 2 API calls 9625->9626 9627 40486c 9626->9627 9628 404888 9627->9628 9629 401429 2 API calls 9627->9629 9630 40254d 2 API calls 9628->9630 9629->9627 9631 404892 9630->9631 9632 40408b 94 API calls 9631->9632 9633 40489d ??3@YAXPAX 9632->9633 9633->9176 9635 4040a2 lstrlenW 9634->9635 9636 4040ce 9634->9636 9637 401a85 4 API calls 9635->9637 9636->9176 9638 4040b8 9637->9638 9638->9635 9638->9636 9639 4040d5 9638->9639 9640 4024fc 2 API calls 9639->9640 
9643 4040de 9640->9643 10418 402776 9643->10418 9644 403093 84 API calls 9645 40414c 9644->9645 9646 404156 ??3@YAXPAX ??3@YAXPAX 9645->9646 9647 40416d ??3@YAXPAX ??3@YAXPAX 9645->9647 9646->9636 9647->9636 9648->9189 9650 40661a 2 API calls 9649->9650 9651 403b48 9650->9651 9651->9178 9653 408646 9652->9653 9665 4083d5 ctype 9652->9665 9653->9184 9654 40661a 2 API calls 9654->9665 9655 40786b 23 API calls 9655->9665 9656 40243b lstrcmpW 9656->9665 9658 407674 23 API calls 9658->9665 9659 407613 23 API calls 9659->9665 9660 403b40 2 API calls 9660->9665 9661 401f9d 19 API calls 9661->9665 9662 407776 55 API calls 9662->9665 9663 403f48 4 API calls 9663->9665 9664 4073d1 21 API calls 9664->9665 9665->9653 9665->9654 9665->9655 9665->9656 9665->9658 9665->9659 9665->9660 9665->9661 9665->9662 9665->9663 9665->9664 9666 407717 25 API calls 9665->9666 9667 4073d1 21 API calls 9665->9667 10428 40744b 9665->10428 9666->9665 9668 408476 ??3@YAXPAX 9667->9668 9668->9665 9670 40243b lstrcmpW 9669->9670 9671 4082fd 9670->9671 9672 40830b 9671->9672 10432 4019f0 GetStdHandle WriteFile 9671->10432 9674 40831e 9672->9674 10433 4019f0 GetStdHandle WriteFile 9672->10433 9676 408333 9674->9676 10434 4019f0 GetStdHandle WriteFile 9674->10434 9678 408344 9676->9678 10435 4019f0 GetStdHandle WriteFile 9676->10435 9680 40243b lstrcmpW 9678->9680 9681 408351 9680->9681 9684 40835f 9681->9684 10436 4019f0 GetStdHandle WriteFile 9681->10436 9683 40243b lstrcmpW 9685 40836c 9683->9685 9684->9683 9686 40837a 9685->9686 10437 4019f0 GetStdHandle WriteFile 9685->10437 9688 40243b lstrcmpW 9686->9688 9689 408387 9688->9689 9690 408395 9689->9690 10438 4019f0 GetStdHandle WriteFile 9689->10438 9692 40243b lstrcmpW 9690->9692 9693 4083a2 9692->9693 9694 4083b2 9693->9694 10439 4019f0 GetStdHandle WriteFile 9693->10439 9694->9180 9697 407636 9696->9697 9698 407658 9697->9698 9699 40764b 9697->9699 10443 407186 9698->10443 10440 407154 9699->10440 9702 407653 9703 4073d1 21 API calls 9702->9703 
9704 407671 9703->9704 9704->9222 9706 407689 9705->9706 9707 40716d 2 API calls 9706->9707 9708 407694 9707->9708 9709 4073d1 21 API calls 9708->9709 9710 4076a5 9709->9710 9710->9222 9712 401411 2 API calls 9711->9712 9713 403f96 9712->9713 9714 402535 2 API calls 9713->9714 9715 403f9f GetTempPathW 9714->9715 9716 403fb8 9715->9716 9721 403fcf 9715->9721 9717 402535 2 API calls 9716->9717 9718 403fc3 GetTempPathW 9717->9718 9718->9721 9719 402535 2 API calls 9720 403ff2 wsprintfW 9719->9720 9720->9721 9721->9719 9722 404009 GetFileAttributesW 9721->9722 9723 40402d 9721->9723 9722->9721 9722->9723 9723->9207 9725 40787e 9724->9725 10449 40719f 9725->10449 9728 4073d1 21 API calls 9729 4078b3 9728->9729 9729->9225 9731 403e21 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9730->9731 9732 403e16 9730->9732 9731->9226 9733 402c86 16 API calls 9732->9733 9733->9731 9735 40243b lstrcmpW 9734->9735 9736 40455d 9735->9736 9737 404592 9736->9737 9738 401329 2 API calls 9736->9738 9737->9277 9739 40456c 9738->9739 9740 403b7f 19 API calls 9739->9740 9741 404572 9740->9741 9741->9737 9742 401429 2 API calls 9741->9742 9742->9737 9744 4012f7 2 API calls 9743->9744 9745 4043d4 9744->9745 9746 40254d 2 API calls 9745->9746 9747 4043df 9746->9747 9747->9266 9749 4021a9 9748->9749 9750 40218e LoadLibraryA GetProcAddress 9748->9750 9749->9323 9750->9749 9752 401411 2 API calls 9751->9752 9759 4048bc 9752->9759 9753 401329 2 API calls 9753->9759 9754 40494e 9755 404988 ??3@YAXPAX 9754->9755 9757 4048ab 3 API calls 9754->9757 9755->9276 9756 401429 2 API calls 9756->9759 9758 404985 9757->9758 9758->9755 9759->9753 9759->9754 9759->9756 9760 40243b lstrcmpW 9759->9760 9760->9759 9762 40661a 2 API calls 9761->9762 9763 403f50 9762->9763 9764 401411 2 API calls 9763->9764 9765 403f5e 9764->9765 9765->9251 9767 404cb1 ??3@YAXPAX 9766->9767 9769 404b15 9766->9769 9770 404cb7 9767->9770 9768 404b29 GetDriveTypeW 9768->9767 9771 404b55 9768->9771 9769->9767 9769->9768 9770->9236 9772 
403f85 6 API calls 9771->9772 9773 404b63 CreateFileW 9772->9773 9774 404b89 9773->9774 9775 404c7b ??3@YAXPAX ??3@YAXPAX 9773->9775 9776 401411 2 API calls 9774->9776 9775->9770 9777 404b92 9776->9777 9778 401329 2 API calls 9777->9778 9779 404b9f 9778->9779 9780 40254d 2 API calls 9779->9780 9781 404bad 9780->9781 9782 4013e2 2 API calls 9781->9782 9783 404bb9 9782->9783 9784 40254d 2 API calls 9783->9784 9785 404bc7 9784->9785 9786 40254d 2 API calls 9785->9786 9787 404bd4 9786->9787 9788 4013e2 2 API calls 9787->9788 9789 404be0 9788->9789 9790 40254d 2 API calls 9789->9790 9791 404bed 9790->9791 9792 40254d 2 API calls 9791->9792 9793 404bf6 9792->9793 9794 4013e2 2 API calls 9793->9794 9795 404c02 9794->9795 9796 40254d 2 API calls 9795->9796 9797 404c0b 9796->9797 9798 402776 3 API calls 9797->9798 9799 404c1d WriteFile ??3@YAXPAX CloseHandle 9798->9799 9800 404c4b 9799->9800 9801 404c8c 9799->9801 9800->9801 9802 404c53 SetFileAttributesW ShellExecuteW ??3@YAXPAX 9800->9802 9803 402c86 16 API calls 9801->9803 9802->9775 9804 404c94 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9803->9804 9804->9770 9814 4022b0 9805->9814 9809 401411 2 API calls 9808->9809 9810 40273a 9809->9810 9811 402772 9810->9811 9812 402535 2 API calls 9810->9812 9811->9364 9813 402757 MultiByteToWideChar 9812->9813 9813->9811 9815 4022ea 9814->9815 9816 4022be ??2@YAPAXI 9814->9816 9815->9364 9816->9815 9818 4022cf 9816->9818 9817 4022e2 ??3@YAXPAX 9817->9815 9818->9817 9818->9818 9820 401ae3 9819->9820 9821 401a97 9819->9821 9820->9373 9821->9820 9822 401abc CharUpperW CharUpperW 9821->9822 9822->9821 9823 401af3 CharUpperW CharUpperW 9822->9823 9823->9820 9824->9392 9826 403e9e 9825->9826 9827 4022b0 2 API calls 9826->9827 9828 403eac 9827->9828 9828->9406 9830 40435e 9829->9830 9831 404375 9830->9831 9832 40436a 9830->9832 9833 4025ae 2 API calls 9831->9833 9849 4025f6 9832->9849 9834 40437e 9833->9834 9836 4022b0 2 API calls 9834->9836 9838 404387 9836->9838 9837 404373 9841 403ec1 9837->9841 
9838->9838 9839 4025f6 2 API calls 9838->9839 9840 4043b5 ??3@YAXPAX 9839->9840 9840->9837 9842 403ecd 9841->9842 9844 403ede 9841->9844 9843 4022b0 2 API calls 9842->9843 9843->9844 9844->9412 9846 403f06 9845->9846 9846->9846 9852 4022fc 9846->9852 9848 403f13 9848->9418 9850 4022b0 2 API calls 9849->9850 9851 402610 9850->9851 9851->9837 9853 402340 9852->9853 9854 402310 9852->9854 9853->9848 9855 4022b0 2 API calls 9854->9855 9855->9853 9857 4022fc 2 API calls 9856->9857 9858 40264a 9857->9858 9858->9428 9860 403d3d 9859->9860 9871 403c63 9860->9871 9864 403cd3 9863->9864 9865 403c63 _wtol 9864->9865 9866 403cf4 9865->9866 9866->9467 9868 403d04 9867->9868 9869 403c63 _wtol 9868->9869 9870 403d1c 9869->9870 9870->9472 9872 403c6d 9871->9872 9873 403c88 _wtol 9872->9873 9874 403cc1 9872->9874 9873->9872 9874->9461 9876 4023e8 9875->9876 9877 402411 9876->9877 9878 4023f4 lstrcmpW 9876->9878 9877->9182 9878->9876 9878->9877 9880 408679 9879->9880 9880->9509 9882 40b30d 9881->9882 9886 40dcfb 3 API calls 9882->9886 9883 40b321 9884 40b331 9883->9884 9927 40b163 9883->9927 9884->9512 9886->9883 9888 40a7fe 9887->9888 9889 40b2fc 11 API calls 9888->9889 9890 40a823 9889->9890 9891 40a845 9890->9891 9892 40a82c 9890->9892 9955 40cc59 _EH_prolog 9891->9955 9958 40a3fe 9892->9958 9904 40151e 9903->9904 9905 401329 2 API calls 9904->9905 9906 40152b 9905->9906 9907 401429 2 API calls 9906->9907 9908 401534 CreateThread 9907->9908 9909 401563 9908->9909 9910 401568 WaitForSingleObject 9908->9910 10379 40129c 9908->10379 9911 40786b 23 API calls 9909->9911 9912 401585 9910->9912 9913 4015b7 9910->9913 9911->9910 9916 4015a3 9912->9916 9919 401594 9912->9919 9914 4015b3 9913->9914 9915 4015bf GetExitCodeThread 9913->9915 9914->9523 9917 4015d6 9915->9917 9918 407776 55 API calls 9916->9918 9917->9914 9917->9919 9920 401605 SetLastError 9917->9920 9918->9914 9919->9914 9921 407776 55 API calls 9919->9921 9920->9919 9921->9914 9923 401411 2 API calls 9922->9923 9924 4042ab 
9923->9924 9925 401411 2 API calls 9924->9925 9926 4042b7 9925->9926 9926->9518 9940 40f0b6 9927->9940 9929 40b192 9929->9884 9930 40b17e 9930->9929 9943 40adc3 9930->9943 9933 40b297 ??3@YAXPAX 9933->9929 9934 40b2a2 ??3@YAXPAX 9934->9929 9936 40b27a memmove 9937 40b1d9 9936->9937 9937->9933 9937->9934 9937->9936 9938 40b2ac memcpy 9937->9938 9939 40dcfb 3 API calls 9938->9939 9939->9934 9951 40f06b 9940->9951 9944 40add0 9943->9944 9945 40ae0d memcpy 9943->9945 9946 40add5 ??2@YAPAXI 9944->9946 9947 40adfb 9944->9947 9945->9937 9948 40adfd ??3@YAXPAX 9946->9948 9949 40ade5 memmove 9946->9949 9947->9948 9948->9945 9949->9948 9952 40f0af 9951->9952 9953 40f07d 9951->9953 9952->9930 9953->9952 9954 40dcc7 GetLastError 9953->9954 9954->9953 9966 40c9fc 9955->9966 10362 40a28e 9958->10362 9988 40a0bf 9966->9988 10111 40a030 9988->10111 10112 40e8da ctype 3 API calls 10111->10112 10113 40a039 10112->10113 10114 40e8da ctype 3 API calls 10113->10114 10115 40a041 10114->10115 10116 40e8da ctype 3 API calls 10115->10116 10117 40a049 10116->10117 10118 40e8da ctype 3 API calls 10117->10118 10119 40a051 10118->10119 10120 40e8da ctype 3 API calls 10119->10120 10121 40a059 10120->10121 10122 40e8da ctype 3 API calls 10121->10122 10123 40a061 10122->10123 10124 40e8da ctype 3 API calls 10123->10124 10125 40a06b 10124->10125 10126 40e8da ctype 3 API calls 10125->10126 10127 40a073 10126->10127 10128 40e8da ctype 3 API calls 10127->10128 10129 40a080 10128->10129 10130 40e8da ctype 3 API calls 10129->10130 10131 40a088 10130->10131 10132 40e8da ctype 3 API calls 10131->10132 10133 40a095 10132->10133 10134 40e8da ctype 3 API calls 10133->10134 10135 40a09d 10134->10135 10136 40e8da ctype 3 API calls 10135->10136 10137 40a0aa 10136->10137 10138 40e8da ctype 3 API calls 10137->10138 10139 40a0b2 10138->10139 10363 40e8da ctype 3 API calls 10362->10363 10364 40a29c 10363->10364 10380 4012a5 10379->10380 10381 4012b8 10379->10381 10380->10381 10382 4012a7 Sleep 10380->10382 10383 
4012f1 10381->10383 10384 4012e3 EndDialog 10381->10384 10382->10380 10384->10383 10386 4021db 10385->10386 10386->9530 10388 4025ae 2 API calls 10387->10388 10389 402992 10388->10389 10390 4029be 10389->10390 10391 402640 2 API calls 10389->10391 10390->9599 10391->10389 10392->9599 10394 4029d2 10393->10394 10395 4029de 10393->10395 10412 4019f0 GetStdHandle WriteFile 10394->10412 10397 4025ae 2 API calls 10395->10397 10401 4029e8 10397->10401 10398 4029d9 10410 402425 ??3@YAXPAX ??3@YAXPAX 10398->10410 10399 402a13 10400 40272e 3 API calls 10399->10400 10402 402a25 10400->10402 10401->10399 10405 402640 2 API calls 10401->10405 10403 402a33 10402->10403 10404 402a47 10402->10404 10406 407776 55 API calls 10403->10406 10407 407776 55 API calls 10404->10407 10405->10401 10408 402a42 ??3@YAXPAX ??3@YAXPAX 10406->10408 10407->10408 10408->10398 10410->9596 10411->9585 10412->10398 10414 4012f7 2 API calls 10413->10414 10415 402676 10414->10415 10416 4012f7 2 API calls 10415->10416 10417 402682 10416->10417 10417->9617 10419 4025ae 2 API calls 10418->10419 10420 402785 10419->10420 10421 4027c1 10420->10421 10424 402628 10420->10424 10421->9644 10425 402634 10424->10425 10426 40263a WideCharToMultiByte 10424->10426 10427 4022b0 2 API calls 10425->10427 10426->10421 10427->10426 10429 407456 10428->10429 10430 40745b 10428->10430 10429->9665 10430->10429 10431 4073d1 21 API calls 10430->10431 10431->10429 10432->9672 10433->9674 10434->9676 10435->9678 10436->9684 10437->9686 10438->9690 10439->9694 10441 40661a 2 API calls 10440->10441 10442 40715c 10441->10442 10442->9702 10446 40716d 10443->10446 10447 40661a 2 API calls 10446->10447 10448 407175 10447->10448 10448->9702 10450 40661a 2 API calls 10449->10450 10451 4071a7 10450->10451 10451->9728 8032 40f3f1 8035 4024e7 8032->8035 8040 40245a 8035->8040 8038 4024f5 8039 4024f6 malloc 8041 40246a 8040->8041 8047 402466 8040->8047 8042 40247a GlobalMemoryStatusEx 8041->8042 8041->8047 8043 402488 8042->8043 8042->8047 
8043->8047 8048 401f9d 8043->8048 8047->8038 8047->8039 8049 401fb4 8048->8049 8050 401fe5 GetLastError wsprintfW GetEnvironmentVariableW GetLastError 8049->8050 8051 401fdb 8049->8051 8052 402095 SetLastError 8050->8052 8053 40201d ??2@YAPAXI GetEnvironmentVariableW 8050->8053 8068 407717 8051->8068 8052->8051 8058 4020ac 8052->8058 8054 40204c GetLastError 8053->8054 8067 40207e ??3@YAXPAX 8053->8067 8055 402052 8054->8055 8054->8067 8061 402081 8055->8061 8062 40205c lstrcmpiW 8055->8062 8057 4020cb lstrlenA ??2@YAPAXI 8059 402136 MultiByteToWideChar 8057->8059 8060 4020fc GetLocaleInfoW 8057->8060 8058->8057 8075 401f47 8058->8075 8059->8051 8060->8059 8065 402123 _wtol 8060->8065 8061->8052 8066 40206b ??3@YAXPAX 8062->8066 8062->8067 8064 4020c1 8064->8057 8065->8059 8066->8061 8067->8061 8082 40661a 8068->8082 8071 40773c IsBadReadPtr 8073 40774e 8071->8073 8086 4073d1 8073->8086 8076 401f51 GetUserDefaultUILanguage 8075->8076 8077 401f95 8075->8077 8078 401f72 GetSystemDefaultUILanguage 8076->8078 8079 401f6e 8076->8079 8077->8064 8078->8077 8080 401f7e GetSystemDefaultLCID 8078->8080 8079->8064 8080->8077 8081 401f8e 8080->8081 8081->8077 8083 406643 8082->8083 8084 40666f IsWindow 8082->8084 8083->8084 8085 40664b GetSystemMetrics GetSystemMetrics 8083->8085 8084->8071 8084->8073 8085->8084 8087 4073e0 8086->8087 8088 407444 8086->8088 8087->8088 8098 4024fc 8087->8098 8088->8047 8090 4073f1 8091 4024fc 2 API calls 8090->8091 8092 4073fc 8091->8092 8102 403b7f 8092->8102 8095 403b7f 19 API calls 8096 40740e ??3@YAXPAX ??3@YAXPAX 8095->8096 8096->8088 8099 402513 8098->8099 8111 40112b 8099->8111 8101 40251e 8101->8090 8175 403880 8102->8175 8104 403b59 8116 40393b 8104->8116 8106 403b69 8139 4039f6 8106->8139 8108 403b74 8162 4027c7 8108->8162 8112 401177 8111->8112 8113 401139 ??2@YAPAXI 8111->8113 8112->8101 8113->8112 8115 40115a 8113->8115 8114 40116f ??3@YAXPAX 8114->8112 8115->8114 8115->8115 8198 401411 8116->8198 8120 403954 8205 40254d 8120->8205 
8122 403961 8123 4024fc 2 API calls 8122->8123 8124 40396e 8123->8124 8209 403805 8124->8209 8127 401362 2 API calls 8128 403992 8127->8128 8129 40254d 2 API calls 8128->8129 8130 40399f 8129->8130 8131 4024fc 2 API calls 8130->8131 8132 4039ac 8131->8132 8133 403805 3 API calls 8132->8133 8134 4039bc ??3@YAXPAX 8133->8134 8135 4024fc 2 API calls 8134->8135 8136 4039d3 8135->8136 8137 403805 3 API calls 8136->8137 8138 4039e2 ??3@YAXPAX ??3@YAXPAX 8137->8138 8138->8106 8140 401411 2 API calls 8139->8140 8141 403a04 8140->8141 8142 401362 2 API calls 8141->8142 8143 403a0f 8142->8143 8144 40254d 2 API calls 8143->8144 8145 403a1c 8144->8145 8146 4024fc 2 API calls 8145->8146 8147 403a29 8146->8147 8148 403805 3 API calls 8147->8148 8149 403a39 ??3@YAXPAX 8148->8149 8150 401362 2 API calls 8149->8150 8151 403a4d 8150->8151 8152 40254d 2 API calls 8151->8152 8153 403a5a 8152->8153 8154 4024fc 2 API calls 8153->8154 8155 403a67 8154->8155 8156 403805 3 API calls 8155->8156 8157 403a77 ??3@YAXPAX 8156->8157 8158 4024fc 2 API calls 8157->8158 8159 403a8e 8158->8159 8160 403805 3 API calls 8159->8160 8161 403a9d ??3@YAXPAX ??3@YAXPAX 8160->8161 8161->8108 8163 401411 2 API calls 8162->8163 8164 4027d5 8163->8164 8165 4027e5 ExpandEnvironmentStringsW 8164->8165 8166 40112b 2 API calls 8164->8166 8167 402809 8165->8167 8168 4027fe ??3@YAXPAX 8165->8168 8166->8165 8234 402535 8167->8234 8169 402840 8168->8169 8169->8095 8172 402824 8173 401362 2 API calls 8172->8173 8174 402838 ??3@YAXPAX 8173->8174 8174->8169 8176 401411 2 API calls 8175->8176 8177 40388e 8176->8177 8178 401362 2 API calls 8177->8178 8179 403899 8178->8179 8180 40254d 2 API calls 8179->8180 8181 4038a6 8180->8181 8182 4024fc 2 API calls 8181->8182 8183 4038b3 8182->8183 8184 403805 3 API calls 8183->8184 8185 4038c3 ??3@YAXPAX 8184->8185 8186 401362 2 API calls 8185->8186 8187 4038d7 8186->8187 8188 40254d 2 API calls 8187->8188 8189 4038e4 8188->8189 8190 4024fc 2 API calls 8189->8190 8191 4038f1 
8190->8191 8192 403805 3 API calls 8191->8192 8193 403901 ??3@YAXPAX 8192->8193 8194 4024fc 2 API calls 8193->8194 8195 403918 8194->8195 8196 403805 3 API calls 8195->8196 8197 403927 ??3@YAXPAX ??3@YAXPAX 8196->8197 8197->8104 8199 40112b 2 API calls 8198->8199 8200 401425 8199->8200 8201 401362 8200->8201 8202 40136e 8201->8202 8204 401380 8201->8204 8203 40112b 2 API calls 8202->8203 8203->8204 8204->8120 8206 40255a 8205->8206 8214 401398 8206->8214 8208 402565 8208->8122 8210 40381b 8209->8210 8211 403817 ??3@YAXPAX 8209->8211 8210->8211 8218 4026b1 8210->8218 8222 402f96 8210->8222 8211->8127 8215 4013dc 8214->8215 8216 4013ac 8214->8216 8215->8208 8217 40112b 2 API calls 8216->8217 8217->8215 8219 4026c7 8218->8219 8220 4026db 8219->8220 8226 402346 memmove 8219->8226 8220->8210 8223 402fa5 8222->8223 8225 402fbe 8223->8225 8227 4026e6 8223->8227 8225->8210 8226->8220 8228 4026f6 8227->8228 8229 401398 2 API calls 8228->8229 8230 402702 8229->8230 8233 402346 memmove 8230->8233 8232 40270f 8232->8225 8233->8232 8235 402541 8234->8235 8236 402547 ExpandEnvironmentStringsW 8234->8236 8237 40112b 2 API calls 8235->8237 8236->8172 8237->8236 11181 40e4f9 11182 40e516 11181->11182 11183 40e506 11181->11183 11186 40de46 11183->11186 11189 401b1f VirtualFree 11186->11189 11188 40de81 ??3@YAXPAX 11188->11182 11189->11188
                                                                                        APIs
                                                                                          • Part of subcall function 00401B37: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B43
                                                                                          • Part of subcall function 00401B37: CreateWindowExW.USER32(00000000,Static,0041335C,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401B60
                                                                                          • Part of subcall function 00401B37: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401B72
                                                                                          • Part of subcall function 00401B37: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401B7F
                                                                                          • Part of subcall function 00401B37: DispatchMessageW.USER32(?), ref: 00401B89
                                                                                          • Part of subcall function 00401B37: KillTimer.USER32(00000000,00000001,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B92
                                                                                          • Part of subcall function 00401B37: KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B99
                                                                                        • GetVersionExW.KERNEL32(?,?,?,00000000), ref: 00404FCE
                                                                                        • GetCommandLineW.KERNEL32(?,00000020,?,?,00000000), ref: 0040505C
                                                                                          • Part of subcall function 00402A69: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?,00000000), ref: 00402ADC
                                                                                          • Part of subcall function 00402A69: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?), ref: 00402AF7
                                                                                          • Part of subcall function 00402A69: ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C), ref: 00402AFF
                                                                                          • Part of subcall function 00402A69: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?,00000000), ref: 00402B6F
                                                                                          • Part of subcall function 00403D71: lstrlenW.KERNEL32(?,00000000,00000020,?,0040508F,?,?,00000000,?,00000000), ref: 00403DA5
                                                                                          • Part of subcall function 00403D71: lstrlenW.KERNEL32(?,?,00000000), ref: 00403DAD
                                                                                        • _wtol.MSVCRT ref: 0040509F
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 004050F1
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405102
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 0040510A
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,00000208,00000000,?,00000000), ref: 00405138
                                                                                        • _wtol.MSVCRT ref: 00405217
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000010,004177C4,004177C4,?,00000000), ref: 0040538F
                                                                                          • Part of subcall function 00404E3F: ??3@YAXPAX@Z.MSVCRT(004177C4,004177C4,004177C4,00000000,00000025,;!@InstallEnd@!,;!@Install@!UTF-8!,00000000,00000000), ref: 00404E85
                                                                                          • Part of subcall function 00404E3F: ??3@YAXPAX@Z.MSVCRT(004177C4,004177C4,004177C4,00000000,00000025,004177C4,004177C4,00000000,00000025,;!@InstallEnd@!,;!@Install@!UTF-8!,00000000,00000000), ref: 00404EAB
                                                                                          • Part of subcall function 00404E3F: wsprintfA.USER32 ref: 00404EBC
                                                                                          • Part of subcall function 00402844: lstrlenA.KERNEL32(?,?,00000000), ref: 00402876
                                                                                          • Part of subcall function 00402844: lstrlenA.KERNEL32(?,?,00000000), ref: 0040287E
                                                                                          • Part of subcall function 00402844: memcmp.MSVCRT(?,?,?), ref: 004028E4
                                                                                          • Part of subcall function 00402844: memcmp.MSVCRT(?,?,?,?,00000000), ref: 00402921
                                                                                          • Part of subcall function 00402844: memmove.MSVCRT(?,?,00000000,?,00000000), ref: 00402953
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000009,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405453
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000009,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 0040545B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000009,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405463
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,0000000A,?,?,00000000,004177C4,004177C4,?,00000000), ref: 004054DD
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000000A,?,?,00000000,004177C4,004177C4,?,00000000), ref: 004054E5
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0000000A,?,?,00000000,004177C4,004177C4,?,00000000), ref: 004054ED
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405509
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405511
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405519
                                                                                          • Part of subcall function 00403093: ??3@YAXPAX@Z.MSVCRT(0040414C,?), ref: 00403347
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405559
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405561
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,004177C4,004177C4,?,00000000), ref: 00405569
                                                                                          • Part of subcall function 00403B94: lstrlenW.KERNEL32(?,00000020,?,?,00405650,?,00414668,?,00000000,?), ref: 00403BA1
                                                                                          • Part of subcall function 00403B94: lstrlenW.KERNEL32(?,?,?,?,?,?,?,004177C4,004177C4,?,00000000), ref: 00403BAA
                                                                                          • Part of subcall function 00403B94: _wcsnicmp.MSVCRT ref: 00403BB6
                                                                                        • wsprintfW.USER32 ref: 00405595
                                                                                        • _wtol.MSVCRT ref: 004057DE
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,?,?,?,?,?,004177C4,004177C4,?,00000000), ref: 0040587B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?,?,?,?,?,?,004177C4,004177C4,?,00000000), ref: 00405883
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?,?,?,?,?,004177C4,004177C4,?,00000000), ref: 0040588B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,0000003D,00000000,00000000,?,?,00000000,?), ref: 00405913
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,0000003D,00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,004177C4,004177C4), ref: 00405938
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000011,00000000,00000000,0000003D,00000000,00000000,?,?,00000000,?), ref: 004059AA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000011,00000000,00000000,0000003D,00000000,00000000,?,?,00000000,?), ref: 004059B2
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000011,00000000,00000000,0000003D,00000000,00000000,?,?,00000000,?), ref: 004059BA
                                                                                        • CoInitialize.OLE32(00000000), ref: 004059E9
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,004177C4), ref: 00405A30
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?), ref: 00405A38
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405A40
                                                                                        • GetKeyState.USER32(00000010), ref: 00405AA1
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,004177C4), ref: 00405BCD
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405BDB
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405BE3
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00405C16
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00405C1E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00405C26
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,0000000E,?,?,?,00000000,AutoInstall), ref: 00405C2E
                                                                                        • memset.MSVCRT ref: 004060AE
                                                                                        • ShellExecuteExW.SHELL32(?), ref: 0040617E
                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?), ref: 0040619A
                                                                                        • CloseHandle.KERNEL32(?,?,?,?), ref: 004061A6
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?), ref: 004061D4
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,?), ref: 004061DC
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?,?), ref: 004061E4
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?), ref: 004061EA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,AutoInstall,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 004061FD
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,AutoInstall,?,?,00417788,?,?,?,?,?,?,?,?,00000000), ref: 00406205
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00406222
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 0040622A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00406232
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 0040623A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00406242
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall), ref: 0040624A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,0000000F,?,?,?,?,00000000,AutoInstall), ref: 00406252
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 0040626E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00406276
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405BEB
                                                                                          • Part of subcall function 00407776: wvsprintfW.USER32(?,00000000,?), ref: 0040779A
                                                                                          • Part of subcall function 00407776: GetLastError.KERNEL32(?,00000000,0000FDE9), ref: 004077AB
                                                                                          • Part of subcall function 00407776: FormatMessageW.KERNEL32(00001100,00000000,00000000,00402A50,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077D3
                                                                                          • Part of subcall function 00407776: FormatMessageW.KERNEL32(00001100,00000000,00402A50,00000000,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077E8
                                                                                          • Part of subcall function 00407776: lstrlenW.KERNEL32(?,?,00000000,0000FDE9), ref: 004077FB
                                                                                          • Part of subcall function 00407776: lstrlenW.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407802
                                                                                          • Part of subcall function 00407776: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,0000FDE9), ref: 00407817
                                                                                          • Part of subcall function 00407776: lstrcpyW.KERNEL32(00000000,?,?,00000000,0000FDE9), ref: 0040782D
                                                                                          • Part of subcall function 00407776: lstrcpyW.KERNEL32(-00000002,00402A50,?,00000000,0000FDE9), ref: 0040783E
                                                                                          • Part of subcall function 00407776: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000,0000FDE9), ref: 00407847
                                                                                          • Part of subcall function 00407776: LocalFree.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407851
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,004177C4), ref: 00405C4A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?), ref: 00405C52
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405C5A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00405C62
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 00405C94
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405CD4
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405D41
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405D49
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405D51
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405D59
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00405E20
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00405E28
                                                                                        • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,00417788), ref: 00405E32
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,AutoInstall,?,?,00417788,?,?,?,?,?,?,?,?,00000000,?), ref: 00405EEC
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,AutoInstall,?,?,00417788,?,?,?,?,?,?,?,?,00000000), ref: 00405EF4
                                                                                        • _wtol.MSVCRT ref: 00405F65
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000001,00000010,?,?,?,?), ref: 00406294
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000001,00000010,?,?,?,?), ref: 0040629C
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000001,00000010,?,?,?,?), ref: 004062A4
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062AA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062B2
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062BA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062C2
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062CA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000001,00000010,?,?,?,?), ref: 004062D2
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?), ref: 004062F1
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,?), ref: 004062F9
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,?,?), ref: 00406301
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?), ref: 00406307
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00406343
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?), ref: 0040636D
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000011,00000000,00000000,?,?,?,?,?,?,00000000,?,?,?), ref: 004063E6
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,?,?), ref: 0040643D
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,?,?,?), ref: 00406445
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,?,?,?), ref: 0040644D
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,?,?), ref: 00406455
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 0040646A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 0040647B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,?,?,?), ref: 00406483
                                                                                        • MessageBoxA.USER32(00000000,Sorry, this program requires Microsoft Windows 2000 or later.,7-Zip SFX,00000010), ref: 0040649C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@$lstrlen$Message$_wtol$??2@FileFormatHandleModuleTimerlstrcpymemcmpwsprintf$AttributesCallbackCloseCommandCreateCurrentDirectoryDispatchDispatcherErrorExecuteFreeInitializeKillLastLineLocalNameObjectShellSingleStateUserVersionWaitWindow_wcsnicmpmemmovememsetwvsprintf
                                                                                        • String ID: 4AA$4DA$7-Zip SFX$7ZipSfx.%03x$7zSfxString%d$;!@Install@!UTF-8!$;!@InstallEnd@!$@DA$AutoInstall$BeginPrompt$Delete$ExecuteFile$ExecuteParameters$FinishMessage$GUIFlags$GUIMode$HelpText$InstallPath$MiscFlags$OverwriteMode$RunProgram$SelfDelete$SetEnvironment$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$XpA$amd64$del$forcenowait$hidcon$i386$nowait$setup.exe$sfxconfig$sfxversion$shc$x64$x86$IA
                                                                                        • API String ID: 154539431-3058303289
                                                                                        • Opcode ID: 4743b2e71ee0f06084b1d15e35037a8d4a8831b99ec55ab86745754d009a7ec0
                                                                                        • Instruction ID: bd55e9a5e2f2b8c77b34d16bce6880ff8bafa7c96c93ceffa7f521d25999041e
                                                                                        • Opcode Fuzzy Hash: 4743b2e71ee0f06084b1d15e35037a8d4a8831b99ec55ab86745754d009a7ec0
                                                                                        • Instruction Fuzzy Hash: 65C2E231904619AADF21AF61DC45AEF3769EF00708F54403BF906B61E2EB7C9981CB5D

                                                                                        Control-flow Graph

                                                                                        [Control-flow graph 651, entry block 401f9d-401fb2]
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,00000020,?), ref: 00401FEC
                                                                                        • wsprintfW.USER32 ref: 00401FFD
                                                                                        • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402012
                                                                                        • GetLastError.KERNEL32 ref: 00402017
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402032
                                                                                        • GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402045
                                                                                        • GetLastError.KERNEL32 ref: 0040204C
                                                                                        • lstrcmpiW.KERNEL32(00000000,00000020), ref: 00402061
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00402071
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000020), ref: 0040208F
                                                                                        • SetLastError.KERNEL32(00000000), ref: 00402098
                                                                                        • lstrlenA.KERNEL32(00413FD0), ref: 004020CC
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004020E7
                                                                                        • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00402119
                                                                                        • _wtol.MSVCRT ref: 0040212A
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00413FD0,00000001,00000000,00000002), ref: 0040214A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                                                                        • String ID: 7zSfxString%d$XpA$\3A
                                                                                        • API String ID: 2117570002-3108448011
                                                                                        • Opcode ID: 4df0585d944802467c8c1f90cbf06d2ee8399e943d6c49b94bfeb95e008331ba
                                                                                        • Instruction ID: 5c0681f152172bce6659d4e02be164ba9bb36eab7c70e8d4f1a0ed4420d73572
                                                                                        • Opcode Fuzzy Hash: 4df0585d944802467c8c1f90cbf06d2ee8399e943d6c49b94bfeb95e008331ba
                                                                                        • Instruction Fuzzy Hash: 11518471604305AFDB209F74DD899DBBBB9EB08345B11407AF646E62E0E774AA44CB18

                                                                                        Control-flow Graph

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e7c7217eafbbcb249be47b89da80a201157f98187a6cb25ddb7a668070c6e083
                                                                                        • Instruction ID: 8ae67fe93764504dd4472983a8ee98937692ca3eac7777145cc28303e79798ac
                                                                                        • Opcode Fuzzy Hash: e7c7217eafbbcb249be47b89da80a201157f98187a6cb25ddb7a668070c6e083
                                                                                        • Instruction Fuzzy Hash: 8DB17C71900205EFCB14EFA5D8849AEB7B5FF44304B24842BF512BB2F1EB39A945CB58

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNELBASE(?,-00000001), ref: 00403028
                                                                                        • SetLastError.KERNEL32(00000010), ref: 0040303D
                                                                                        Similarity
                                                                                        • API ID: AttributesErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 1799206407-0
                                                                                        • Opcode ID: 611e1059d124648bfa8909f45edfa8144be0e8992cd1f43fa13480e02f084d79
                                                                                        • Instruction ID: 32a2c072cbeca167af0ba40feded167abd8377b8b15159977275e4e23b0806bf
                                                                                        • Opcode Fuzzy Hash: 611e1059d124648bfa8909f45edfa8144be0e8992cd1f43fa13480e02f084d79
                                                                                        • Instruction Fuzzy Hash: 42018B30102004AADF206F749C4CAAB3BACAB0136BF108632F621F11D8D738DB46965E
                                                                                        APIs
                                                                                        • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 004011A6
                                                                                        • SendMessageW.USER32(00008001,00000000,?), ref: 004011FF
                                                                                        Similarity
                                                                                        • API ID: DiskFreeMessageSendSpace
                                                                                        • String ID:
                                                                                        • API String ID: 696007252-0
                                                                                        • Opcode ID: 7556ddfb68cb10f5cb29c3a6588dee5ba643ce1babce3ea88c9fd262dc76ef2b
                                                                                        • Instruction ID: 9edb1a80411cac00ba33afe52a6c86c35bfa08927eae57e7515b94cd88b359ae
                                                                                        • Opcode Fuzzy Hash: 7556ddfb68cb10f5cb29c3a6588dee5ba643ce1babce3ea88c9fd262dc76ef2b
                                                                                        • Instruction Fuzzy Hash: 1C014B30654209ABEB18EB90DD85F9A3BE9EB05704F108436F611F91F0CB79BA408B1D

                                                                                        Control-flow Graph

                                                                                        Similarity
                                                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                        • String ID: HpA
                                                                                        • API String ID: 801014965-2938899866
                                                                                        • Opcode ID: 9fb10d9e3a65800a4f5e1ed226729125e22e54dc21e3b7cab0738d928573cc55
                                                                                        • Instruction ID: 158ffaedae0d42993a529c42e252781da09b2560f8e529a8c548a3e081932a5e
                                                                                        • Opcode Fuzzy Hash: 9fb10d9e3a65800a4f5e1ed226729125e22e54dc21e3b7cab0738d928573cc55
                                                                                        • Instruction Fuzzy Hash: 254192B0944344AFDB20DFA4DC45AEA7BB8FB09711F20452FFA51973A1D7784981CB58

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B43
                                                                                        • CreateWindowExW.USER32(00000000,Static,0041335C,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401B60
                                                                                        • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401B72
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401B7F
                                                                                        • DispatchMessageW.USER32(?), ref: 00401B89
                                                                                        • KillTimer.USER32(00000000,00000001,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B92
                                                                                        • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,00404FBD,?,?,00000000), ref: 00401B99
                                                                                        Similarity
                                                                                        • API ID: MessageTimer$CallbackCreateDispatchDispatcherHandleKillModuleUserWindow
                                                                                        • String ID: Static
                                                                                        • API String ID: 2479445380-2272013587
                                                                                        • Opcode ID: 3628b680e9888d51f3ede5b7fd431ea4f93bb964a28f818be4a598c22db00f11
                                                                                        • Instruction ID: f02a6d563a0a994406544e3b77250aae51f77c8b940714b819f60fd1d37dc764
                                                                                        • Opcode Fuzzy Hash: 3628b680e9888d51f3ede5b7fd431ea4f93bb964a28f818be4a598c22db00f11
                                                                                        • Instruction Fuzzy Hash: 10F03C3250212476CA203FA69C4DEEF7E6CDB86BA2F008160B615A10D1DAB88241C6B9

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • memcpy.MSVCRT(00000000,?,0000001F,00010000), ref: 0040B1C5
                                                                                        • memmove.MSVCRT(00000000,-000000C1,00000020,?,00010000), ref: 0040B289
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040B298
                                                                                        Similarity
                                                                                        • API ID: ??3@memcpymemmove
                                                                                        • String ID:
                                                                                        • API String ID: 3549172513-3916222277
                                                                                        • Opcode ID: 5bad17cc77e2d39d7f6897ae69eb46f7fe1422127806d73b42e5b41d987a673b
                                                                                        • Instruction ID: 201babb0cc669d9fea5df8a163075e687156198648327345136f7fe875bf0058
                                                                                        • Opcode Fuzzy Hash: 5bad17cc77e2d39d7f6897ae69eb46f7fe1422127806d73b42e5b41d987a673b
                                                                                        • Instruction Fuzzy Hash: 495181B1A00205ABDF14DB95C889AAE7BB4EF49354F1441BAE905B7381D338DD81CB9D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(00404AC6,?,?,00000000,?,?,?,?,00404AC6,?), ref: 00403361
                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?,00404AC6,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?), ref: 004033D7
                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000), ref: 004033DE
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00404AC6,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?), ref: 0040349D
                                                                                          • Part of subcall function 0040112B: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 0040114B
                                                                                          • Part of subcall function 0040112B: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 00401171
                                                                                        • memcpy.MSVCRT(-00000001,00404AC6,?,?,?,?,?,00404AC6,?), ref: 0040342F
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000), ref: 0040346C
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000001,0000000C,00404AC6,00404AC6,?,?,?,?,00404AC6,?), ref: 004034B2
                                                                                        Similarity
                                                                                        • API ID: ??3@$FileTime$??2@AttributesSystemlstrlenmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 846840743-0
                                                                                        • Opcode ID: 59d4a2ad1293f13bca9fbc2cc36a10c810479fd21a5ed498f46fbcb1fa619914
                                                                                        • Instruction ID: c1b9adc2f16cc45d244a7c0b75b8b4a4f89234fa72cd4c12ee41ca3d86f3c48f
                                                                                        • Opcode Fuzzy Hash: 59d4a2ad1293f13bca9fbc2cc36a10c810479fd21a5ed498f46fbcb1fa619914
                                                                                        • Instruction Fuzzy Hash: 8F41C836904611AADB216F998881ABF7F6CEF40716F80403BED01B61D5DB3C9B4282DD

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00401F47: GetUserDefaultUILanguage.KERNEL32(00404416,00000000,00000020,?), ref: 00401F51
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32(00000000,00000020,?), ref: 00401FEC
                                                                                          • Part of subcall function 00401F9D: wsprintfW.USER32 ref: 00401FFD
                                                                                          • Part of subcall function 00401F9D: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402012
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32 ref: 00402017
                                                                                          • Part of subcall function 00401F9D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402032
                                                                                          • Part of subcall function 00401F9D: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402045
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32 ref: 0040204C
                                                                                          • Part of subcall function 00401F9D: lstrcmpiW.KERNEL32(00000000,00000020), ref: 00402061
                                                                                          • Part of subcall function 00401F9D: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00402071
                                                                                          • Part of subcall function 00401F9D: SetLastError.KERNEL32(00000000), ref: 00402098
                                                                                          • Part of subcall function 00401F9D: lstrlenA.KERNEL32(00413FD0), ref: 004020CC
                                                                                          • Part of subcall function 00401F9D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004020E7
                                                                                          • Part of subcall function 00401F9D: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00402119
                                                                                          • Part of subcall function 00401F9D: ??3@YAXPAX@Z.MSVCRT(00000020), ref: 0040208F
                                                                                          • Part of subcall function 00401F9D: _wtol.MSVCRT ref: 0040212A
                                                                                          • Part of subcall function 00401F9D: MultiByteToWideChar.KERNEL32(00000000,00413FD0,00000001,00000000,00000002), ref: 0040214A
                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,?,?,00000000,00000020,?), ref: 0040448C
                                                                                        • wsprintfW.USER32 ref: 004044A7
                                                                                          • Part of subcall function 00402F6C: ??2@YAPAXI@Z.MSVCRT(00000018,00000000,004044E9,?,?,?,?,?,?,?,?,?,?,00000000,00000020,?), ref: 00402F71
                                                                                        • #17.COMCTL32(?,?,?,?,00000000,00000020,?), ref: 00404533
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$??2@$??3@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                                                                        • String ID: 7zSfxFolder%02d$IA
                                                                                        • API String ID: 3387708999-1317665167
                                                                                        • Opcode ID: 79285842cd47b5abb211c01a777ae7e1b24040997c111ecd28553c2a093b01fa
                                                                                        • Instruction ID: c443879f351b6d6d2b07c84fde6f3777072453d7374e8d7fc75fcfd2f507d9dd
                                                                                        • Opcode Fuzzy Hash: 79285842cd47b5abb211c01a777ae7e1b24040997c111ecd28553c2a093b01fa
                                                                                        • Instruction Fuzzy Hash: E03140B19042199BDB10FFA2DC86AEE7B78EB44308F40407FF619B21E1EB785644DB58

                                                                                        Control-flow Graph (function at 408ea4; legend: Executed / Not Executed)

                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000018,?,?,00000000,?), ref: 00408F0F
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000028,00000000,?,?,00000000,?), ref: 00408F59
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@
                                                                                        • String ID: IA$IA
                                                                                        • API String ID: 1033339047-1400641299
                                                                                        • Opcode ID: 7402ad71c3df89009bcca6447dc192685c66d640a39f4103aae4a4fab3f3137f
                                                                                        • Instruction ID: ddcf9de22f7a46eeefc4975c1fab543939f34ce9f972055b0c78c556d294e1f5
                                                                                        • Opcode Fuzzy Hash: 7402ad71c3df89009bcca6447dc192685c66d640a39f4103aae4a4fab3f3137f
                                                                                        • Instruction Fuzzy Hash: EF123671A00209DFCB14EFA5C98489ABBB5FF48304B10456EF95AA7392DB39ED85CF44

                                                                                        Control-flow Graph (function at 410cd0; legend: Executed / Not Executed)

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: free
                                                                                        • String ID: $KA$4KA$HKA$\KA
                                                                                        • API String ID: 1294909896-3316857779
                                                                                        • Opcode ID: 376fb7dfafd84c32bde4dd83858b4f8e2c6f0d8f0efa40633e7013e4dd95691d
                                                                                        • Instruction ID: 889df95fe732b3a4b2d84b4ab476e7a54c7f97cead7299b76f73e2708a1c6c0a
                                                                                        • Opcode Fuzzy Hash: 376fb7dfafd84c32bde4dd83858b4f8e2c6f0d8f0efa40633e7013e4dd95691d
                                                                                        • Instruction Fuzzy Hash: C5F09271409B109FC7319F55E405AC6B7F4AE447183058A2EA89A5BA11D3B8F989CB9C

                                                                                        Control-flow Graph (function at 4096c7; legend: Executed / Not Executed)

                                                                                        APIs
                                                                                        • _EH_prolog.MSVCRT ref: 004096D0
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000038,00000001), ref: 0040986E
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000038,?,00000000,00000000,00000001), ref: 00409941
                                                                                          • Part of subcall function 00409C13: ??2@YAPAXI@Z.MSVCRT(00000020,?,00000000,?,00409952,?,00000000,00000000,00000001), ref: 00409C3B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@$H_prolog
                                                                                        • String ID: HIA
                                                                                        • API String ID: 3431946709-2712174624
                                                                                        • Opcode ID: 3dcc1a3fe120ce7f2c594cfa04f860259f569253507d2a08ae97171331bd6f56
                                                                                        • Instruction ID: da3614a8b55b1d80bdf53177d95d0cff5abf3d9c279f99a440b99522f39c568d
                                                                                        • Opcode Fuzzy Hash: 3dcc1a3fe120ce7f2c594cfa04f860259f569253507d2a08ae97171331bd6f56
                                                                                        • Instruction Fuzzy Hash: 53F13971610249DFCB24DF69C884AAA77F4BF48314F24416AF829AB392DB39ED41CF54

                                                                                        Control-flow Graph (function at 402844; legend: Executed / Not Executed)

                                                                                        APIs
                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 00402876
                                                                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 0040287E
                                                                                        • memcmp.MSVCRT(?,?,?), ref: 004028E4
                                                                                        • memcmp.MSVCRT(?,?,?,?,00000000), ref: 00402921
                                                                                        • memmove.MSVCRT(?,?,00000000,?,00000000), ref: 00402953
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrlenmemcmp$memmove
                                                                                        • String ID:
                                                                                        • API String ID: 3251180759-0
                                                                                        • Opcode ID: 67daa449d30d113f3b3b6daec82bd49862eba03341b4cd8aae73257779b8cae6
                                                                                        • Instruction ID: d4955105e7b234ce255a009ef61331e6eb412850de833d0a73495bfba1f32545
                                                                                        • Opcode Fuzzy Hash: 67daa449d30d113f3b3b6daec82bd49862eba03341b4cd8aae73257779b8cae6
                                                                                        • Instruction Fuzzy Hash: 4A417F72E00209AFCF01DFA4C9889EEBBB5EF08344F04447AE945B3291D3B49E55CB55

                                                                                        Control-flow Graph (function at 40150b; legend: Executed / Not Executed)

                                                                                        APIs
                                                                                        • CreateThread.KERNELBASE(00000000,00000000,0040129C,00000000,00000000,?), ref: 0040154F
                                                                                        • WaitForSingleObject.KERNEL32(000000FF,?,00404AFB,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00401570
                                                                                          • Part of subcall function 00407776: wvsprintfW.USER32(?,00000000,?), ref: 0040779A
                                                                                          • Part of subcall function 00407776: GetLastError.KERNEL32(?,00000000,0000FDE9), ref: 004077AB
                                                                                          • Part of subcall function 00407776: FormatMessageW.KERNEL32(00001100,00000000,00000000,00402A50,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077D3
                                                                                          • Part of subcall function 00407776: FormatMessageW.KERNEL32(00001100,00000000,00402A50,00000000,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077E8
                                                                                          • Part of subcall function 00407776: lstrlenW.KERNEL32(?,?,00000000,0000FDE9), ref: 004077FB
                                                                                          • Part of subcall function 00407776: lstrlenW.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407802
                                                                                          • Part of subcall function 00407776: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,0000FDE9), ref: 00407817
                                                                                          • Part of subcall function 00407776: lstrcpyW.KERNEL32(00000000,?,?,00000000,0000FDE9), ref: 0040782D
                                                                                          • Part of subcall function 00407776: lstrcpyW.KERNEL32(-00000002,00402A50,?,00000000,0000FDE9), ref: 0040783E
                                                                                          • Part of subcall function 00407776: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000,0000FDE9), ref: 00407847
                                                                                          • Part of subcall function 00407776: LocalFree.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407851
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: FormatMessagelstrcpylstrlen$??2@??3@CreateErrorFreeLastLocalObjectSingleThreadWaitwvsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 359084233-0
                                                                                        • Opcode ID: bfd7be960afb110040db1d822841385e4bb8395790a59903d21b295a7462948d
                                                                                        • Instruction ID: 87277f5b9ffc23463226fd0df2644328d4cfb3d5af9d6e9341eee715f5e270ad
                                                                                        • Opcode Fuzzy Hash: bfd7be960afb110040db1d822841385e4bb8395790a59903d21b295a7462948d
                                                                                        • Instruction Fuzzy Hash: 8231F171644200BBDA305B15DC86EBB37B9EBC5350F24843BF522F92F0CA79A941DA5E

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1329 401986-401995 CreateDirectoryW 1330 4019c7-4019cb 1329->1330 1331 401997-4019a4 GetLastError 1329->1331 1332 4019b1-4019be GetFileAttributesW 1331->1332 1333 4019a6 1331->1333 1332->1330 1335 4019c0-4019c2 1332->1335 1334 4019a7-4019b0 SetLastError 1333->1334 1335->1330 1336 4019c4-4019c5 1335->1336 1336->1334
                                                                                        APIs
                                                                                        • CreateDirectoryW.KERNELBASE(004033CE,00000000,-00000001,004033CE,?,00404AC6,?,?,?,?,00404AC6,?), ref: 0040198D
                                                                                        • GetLastError.KERNEL32(?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00401997
                                                                                        • SetLastError.KERNEL32(000000B7,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000), ref: 004019A7
                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000), ref: 004019B5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$AttributesCreateDirectoryFile
                                                                                        • String ID:
                                                                                        • API String ID: 635176117-0
                                                                                        • Opcode ID: 393c5bca226d6deeec728b25f224b431065b6bfcdefbc0a9fd36f7f362ffe78b
                                                                                        • Instruction ID: 5ae0be16486f509c6b40768ba71a6c1c2cea9be4331c5fc90c1b41dbeb0419e3
                                                                                        • Opcode Fuzzy Hash: 393c5bca226d6deeec728b25f224b431065b6bfcdefbc0a9fd36f7f362ffe78b
                                                                                        • Instruction Fuzzy Hash: D5E09AB0518250AFDE142BB4BD187DB3AA5AF46362F508932F495E02F0C33888428A89

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1337 404a44-404a62 call 408676 ??2@YAPAXI@Z 1340 404a64-404a6b call 40a9f8 1337->1340 1341 404a6d 1337->1341 1343 404a6f-404a91 call 408726 call 40dcfb 1340->1343 1341->1343 1370 404a92 call 40b2fc 1343->1370 1371 404a92 call 40a7de 1343->1371 1348 404a95-404a97 1349 404ab3-404abd 1348->1349 1350 404a99-404aa9 call 407776 1348->1350 1352 404ada-404ae4 ??2@YAPAXI@Z 1349->1352 1353 404abf-404ac1 call 403354 1349->1353 1366 404aae-404ab2 1350->1366 1354 404ae6-404aed call 404292 1352->1354 1355 404aef 1352->1355 1360 404ac6-404ac9 1353->1360 1359 404af1-404af6 call 40150b 1354->1359 1355->1359 1365 404afb-404afd 1359->1365 1360->1352 1364 404acb 1360->1364 1367 404ad0-404ad8 1364->1367 1365->1367 1367->1366 1370->1348 1371->1348
                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(000001E8,00000000,?,ExecuteFile,00000023,?,00405D20,?,00417788,00417788), ref: 00404A5A
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000040,?,?,?,?,?,?,?,?,00000000,?), ref: 00404ADC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@
                                                                                        • String ID: ExecuteFile
                                                                                        • API String ID: 1033339047-323923146
                                                                                        • Opcode ID: ddddc352d45356e59f769561758ce12b54d09949a17630eb614c7359ca8f5a4f
                                                                                        • Instruction ID: 446d0bd8c70a379003bbf02419fa435b46014474c8a02eb0da5acec479ce97d7
                                                                                        • Opcode Fuzzy Hash: ddddc352d45356e59f769561758ce12b54d09949a17630eb614c7359ca8f5a4f
                                                                                        • Instruction Fuzzy Hash: EA1184B5340104BFD710AB659C85D6B73A8EF80355724443FF602B72D1DA789D418A6D
                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040ADD6
                                                                                        • memmove.MSVCRT(00000000,?,?,?,?,?,0040B1B6,00010000), ref: 0040ADF0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040AE00
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@??3@memmove
                                                                                        • String ID:
                                                                                        • API String ID: 3828600508-0
                                                                                        • Opcode ID: 4449fd91eb0ff46ca5400df1e5836bdc8f9a036411b0c9dbbdee532f68785798
                                                                                        • Instruction ID: a8ce0a3cb4653ecb547b1a3698f229d81d6147035ad3680bc60947505803a3f4
                                                                                        • Opcode Fuzzy Hash: 4449fd91eb0ff46ca5400df1e5836bdc8f9a036411b0c9dbbdee532f68785798
                                                                                        • Instruction Fuzzy Hash: 74F089763047016FC3205B1ADC80857BBABDFC4715311883FE55E93A50D634F891965A
                                                                                        APIs
                                                                                        • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 0040247E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: GlobalMemoryStatus
                                                                                        • String ID: @
                                                                                        • API String ID: 1890195054-2766056989
                                                                                        • Opcode ID: 5ff2dfdd56dec2a5a5c377c1c31be187797b995f0c54d640c9ef9d6a9fd1637f
                                                                                        • Instruction ID: 9ce3ff159218229c34eda893c3d8d64f83397f3f2cddac743d7c565554413103
                                                                                        • Opcode Fuzzy Hash: 5ff2dfdd56dec2a5a5c377c1c31be187797b995f0c54d640c9ef9d6a9fd1637f
                                                                                        • Instruction Fuzzy Hash: AAF0AF30A042048ADF15AB719E8DA5A37A4BB00348F10853AF516F52D4D7BCE9048B5D
                                                                                        APIs
                                                                                          • Part of subcall function 0040AAAB: _CxxThrowException.MSVCRT(?,00414EF8), ref: 0040AAC5
                                                                                          • Part of subcall function 0040ADC3: ??2@YAPAXI@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040ADD6
                                                                                          • Part of subcall function 0040ADC3: memmove.MSVCRT(00000000,?,?,?,?,?,0040B1B6,00010000), ref: 0040ADF0
                                                                                          • Part of subcall function 0040ADC3: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040AE00
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,004149F0,?,004149B0), ref: 0040CAF2
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,004149F0,?,004149B0), ref: 0040CC4A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@$??2@ExceptionThrowmemmove
                                                                                        • String ID:
                                                                                        • API String ID: 4269121280-0
                                                                                        • Opcode ID: 55a34ad2a1bb823cdc9ec8962d94a78352b48210c79ef81d7d99dd1713e8f51f
                                                                                        • Instruction ID: 88480e7f7e551c391a26326ce122d220a9eefc885560dc6ed21150e7f5ba8ef6
                                                                                        • Opcode Fuzzy Hash: 55a34ad2a1bb823cdc9ec8962d94a78352b48210c79ef81d7d99dd1713e8f51f
                                                                                        • Instruction Fuzzy Hash: 00712571A00209EFCB24DFA5C8D1AAEBBB1FF08314F10463AE545A3291D739A945CF99
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 1329742358-0
                                                                                        • Opcode ID: 6656e43d2981dee3a96cb881ff7527404ad10ce0abe68b4cdaafc38c009261e5
                                                                                        • Instruction ID: 956102545b91a7c0cba0a64d671320761176ea25dc816e9057e3d4af94f09eda
                                                                                        • Opcode Fuzzy Hash: 6656e43d2981dee3a96cb881ff7527404ad10ce0abe68b4cdaafc38c009261e5
                                                                                        • Instruction Fuzzy Hash: 0D411F32800204AFCB09DB65CD45EBE7B35EF50304B18883BF402B72E2D63E9E21965B
                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 0040114B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 00401171
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@??3@
                                                                                        • String ID:
                                                                                        • API String ID: 1936579350-0
                                                                                        • Opcode ID: 34cac34fcb941d8ddb989ab5abad4ac91273ae9cc044ebf43d50b2c2e0e88bcb
                                                                                        • Instruction ID: 063e94d8e06ff9613a5b681c15dc067c338ae4066a9753272274ce5f9f11bd0f
                                                                                        • Opcode Fuzzy Hash: 34cac34fcb941d8ddb989ab5abad4ac91273ae9cc044ebf43d50b2c2e0e88bcb
                                                                                        • Instruction Fuzzy Hash: 71F0A476210612ABC334DF2DC581867B3E4EF88711710893FE6C7C72B1DA31A881C754
                                                                                        APIs
                                                                                        • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040DA0B
                                                                                        • GetLastError.KERNEL32(?,?,?,?), ref: 0040DA19
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        • Opcode ID: d304dccc413f9fbc2375b0c992bb18d0fa27bc648f40137314f68655dcdcf89d
                                                                                        • Instruction ID: d86f9e507f4e039952bd1031b0dc001be1b0661bb6f0ed5f18f0f7cd7a7605a3
                                                                                        • Opcode Fuzzy Hash: d304dccc413f9fbc2375b0c992bb18d0fa27bc648f40137314f68655dcdcf89d
                                                                                        • Instruction Fuzzy Hash: FCF0B2B8A04208FFCB04CFA8D8448AE7BB9EB49314B2085A9F815A7390D735DA04DF64
                                                                                        APIs
                                                                                        • SysAllocString.OLEAUT32(?), ref: 0040ED05
                                                                                        • _CxxThrowException.MSVCRT(?,00415010), ref: 0040ED28
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID: AllocExceptionStringThrow
                                                                                        • String ID:
                                                                                        • API String ID: 3773818493-0
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0040E745
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 0040E764
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                        • String ID:
                                                                                        • API String ID: 3168844106-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        APIs
                                                                                        • SetFileAttributesW.KERNELBASE(?,?), ref: 0040124F
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        APIs
                                                                                          • Part of subcall function 0040D985: CloseHandle.KERNELBASE(00000001,000000FF,0040DA61,00413330,?,0040DB39,L@,40000000,00000000,00000000,00000000,0040DB50,00000000,00000001,00000001,00000080), ref: 0040D990
                                                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,?,?,00000000,00413330,?,0040DB39,L@,40000000,00000000,00000000,00000000,0040DB50), ref: 0040DA78
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFileHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3498533004-0
                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(?,?,00000001,00000000,00000000,?,?,0040DD78,00000001,00000000,00000000,00413330,?,00404D94,?,?), ref: 0040DBBA
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        APIs
                                                                                        • _beginthreadex.MSVCRT ref: 00406552
                                                                                          • Part of subcall function 00406501: GetLastError.KERNEL32(00406563,00000000), ref: 004064F5
                                                                                        Similarity
                                                                                        • API ID: ErrorLast_beginthreadex
                                                                                        • String ID:
                                                                                        • API String ID: 4034172046-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        APIs
                                                                                        • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 0040DAF2
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        APIs
                                                                                        • SetFileTime.KERNELBASE(?,?,?,?,0040DB94,00000000,00000000,?,0040123C,?), ref: 0040DB78
                                                                                        Similarity
                                                                                        • API ID: FileTime
                                                                                        • String ID:
                                                                                        • API String ID: 1425588814-0
                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000060,?,?,00000000,?,0040D96E,00000000,?,00000000,00000000,000000FF,?,00000001,?,?,?), ref: 0040D91A
                                                                                        Similarity
                                                                                        • API ID: ??2@
                                                                                        • String ID:
                                                                                        • API String ID: 1033339047-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: free
                                                                                        • String ID:
                                                                                        • API String ID: 1294909896-0
                                                                                        • Opcode ID: ad693850b0beb581ae9f70f91648a78de6b85f526a16152dd36665cc48ec9015
                                                                                        • Instruction ID: 8ccd5c106adaedd21fdabd868c2a091acccb285e2c6396e7c66228af9079aab7
                                                                                        • Opcode Fuzzy Hash: ad693850b0beb581ae9f70f91648a78de6b85f526a16152dd36665cc48ec9015
                                                                                        • Instruction Fuzzy Hash: 68E0ED311087008BEB74DA38A941F97B3DAAB14314F15893FE89AE7690EB74FC448A59
                                                                                        APIs
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000018,00000000,004044E9,?,?,?,?,?,?,?,?,?,?,00000000,00000020,?), ref: 00402F71
                                                                                        Similarity
                                                                                        • API ID: ??2@
                                                                                        • String ID:
                                                                                        • API String ID: 1033339047-0
                                                                                        • Opcode ID: 8c656c2e1a3b1113b906896464f2e87f63fa16c9f402e9948991ae45e955b1b9
                                                                                        • Instruction ID: 194059228ff5733793a196764ebf5a0b63d959e09992ce12dff2d54d27d13516
                                                                                        • Opcode Fuzzy Hash: 8c656c2e1a3b1113b906896464f2e87f63fa16c9f402e9948991ae45e955b1b9
                                                                                        • Instruction Fuzzy Hash: 67D0A9313083121ADA5432320A09AAF84848B503A0F10083FB800A32D1DCBE8C81A299
                                                                                        APIs
                                                                                        • CloseHandle.KERNELBASE(00000001,000000FF,0040DA61,00413330,?,0040DB39,L@,40000000,00000000,00000000,00000000,0040DB50,00000000,00000001,00000001,00000080), ref: 0040D990
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2962429428-0
                                                                                        • Opcode ID: 5a1e794e604a6db35733be3680912b24c50de2529967425d082228c541f5af6f
                                                                                        • Instruction ID: 71cfb53d0268b44c797f7400575dcc0518408263689e7c465582b3111ebcfb94
                                                                                        • Opcode Fuzzy Hash: 5a1e794e604a6db35733be3680912b24c50de2529967425d082228c541f5af6f
                                                                                        • Instruction Fuzzy Hash: 95D0127251422156CF646E7CB8849C277D85A06334335176AF0B4E32E4D3749DCB5698
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,0040E4D6,00020000,00000000,?,00000000,?,0040D92B,?,?,00000000,?,0040D96E), ref: 004024E0
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 076169c5b403ddfe74b0b9752022086d8412a0b80d08fe31e2627fee67d73aef
                                                                                        • Instruction ID: 23ad038ad5ccaf642d49e1102795c1c714580f299e31bec6e074b0e2bc220d86
                                                                                        • Opcode Fuzzy Hash: 076169c5b403ddfe74b0b9752022086d8412a0b80d08fe31e2627fee67d73aef
                                                                                        • Instruction Fuzzy Hash: D3C080301443007DED115F505E06B463A916B44717F508065F344540D0C7F484009509
                                                                                        APIs
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,0040E561,?,00000004,0040E5B0,?,?,004117E5,?), ref: 00401B2A
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 727c456c664ec040fae2a494910ef8e866b16c48e489126d85a402f0e100615f
                                                                                        • Instruction ID: 5381ed20748db0b7fd93371e38984c83fa4171db9cf80dc6a42123bab5888d64
                                                                                        • Opcode Fuzzy Hash: 727c456c664ec040fae2a494910ef8e866b16c48e489126d85a402f0e100615f
                                                                                        • Instruction Fuzzy Hash: 45A002305446007ADE515B10DD05F457F516744B11F20C5547155540E586755654DA09
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: free
                                                                                        • String ID:
                                                                                        • API String ID: 1294909896-0
                                                                                        • Opcode ID: d9246d09a93a321ccd45a7f77b4b3a05b9734a8e70a1dc2b954ba7e43b8076d7
                                                                                        • Instruction ID: 7baee4be7330d58fba6a4d3e6254b3dabd4481adb37f3967e502ba2394f26960
                                                                                        • Opcode Fuzzy Hash: d9246d09a93a321ccd45a7f77b4b3a05b9734a8e70a1dc2b954ba7e43b8076d7
                                                                                        • Instruction Fuzzy Hash:
                                                                                        APIs
                                                                                        • _wtol.MSVCRT ref: 004034E5
                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,CC5BE863,00000000,004177A0,00000000,00417794), ref: 00403588
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004035F9
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 00403601
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 00403609
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?), ref: 00403611
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 00403619
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00403621
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00403629
                                                                                        • _wtol.MSVCRT ref: 0040367F
                                                                                        • CoCreateInstance.OLE32(00414BF4,00000000,00000001,00414BE4,00404F9B,.lnk,?,0000005C), ref: 00403720
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,0000005C), ref: 004037B8
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,0000005C), ref: 004037C0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,0000005C), ref: 004037C8
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0000005C), ref: 004037D0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,0000005C), ref: 004037D8
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,0000005C), ref: 004037E0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,0000005C), ref: 004037E8
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,0000005C), ref: 004037EE
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,0000005C), ref: 004037F6
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 408529070-24824748
                                                                                        • Opcode ID: cb1a116a375c0276f3cc47ebae34f017b071fc5c88c5a353f484599fe5934efa
                                                                                        • Instruction ID: c4a1d47ac56633071a1bd2db01059e5edb54ffe0bccc65637149caefe5d2277b
                                                                                        • Opcode Fuzzy Hash: cb1a116a375c0276f3cc47ebae34f017b071fc5c88c5a353f484599fe5934efa
                                                                                        • Instruction Fuzzy Hash: 8EA18A71910219ABDF04EFA1CC46DEEBB79EF44705F50442AF502B71A1EB79AA81CB18
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00401BEA
                                                                                        • FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401C07
                                                                                        • FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401C1B
                                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401C2C
                                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401C36
                                                                                        • LockResource.KERNEL32(00000000), ref: 00401C41
                                                                                        • LoadLibraryA.KERNEL32(kernel32,SetProcessPreferredUILanguages), ref: 00401C6D
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00401C76
                                                                                        • wsprintfW.USER32 ref: 00401C95
                                                                                        • LoadLibraryA.KERNEL32(kernel32,SetThreadPreferredUILanguages), ref: 00401CAA
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00401CAD
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Resource$Load$AddressFindLibraryProc$HandleLockModuleSizeofwsprintf
                                                                                        • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages$kernel32
                                                                                        • API String ID: 2639302590-365843014
                                                                                        • Opcode ID: a5d0d847a20e007311d4afefc35bdd0d1043cb70ace8406c3a5a944bd10805b9
                                                                                        • Instruction ID: 1b367ad183524107b1556f539f271e2bfa11f4d2ebd4ebc35158efee647c5c94
                                                                                        • Opcode Fuzzy Hash: a5d0d847a20e007311d4afefc35bdd0d1043cb70ace8406c3a5a944bd10805b9
                                                                                        • Instruction Fuzzy Hash: 002153B1944318BBDB109FA59D48F9B7FBCEB48751F118036FA05B72D1D678DA008BA8
                                                                                        APIs
                                                                                        • wvsprintfW.USER32(?,00000000,?), ref: 0040779A
                                                                                        • GetLastError.KERNEL32(?,00000000,0000FDE9), ref: 004077AB
                                                                                        • FormatMessageW.KERNEL32(00001100,00000000,00000000,00402A50,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077D3
                                                                                        • FormatMessageW.KERNEL32(00001100,00000000,00402A50,00000000,00402A50,00000000,00000000,?,00000000,0000FDE9), ref: 004077E8
                                                                                        • lstrlenW.KERNEL32(?,?,00000000,0000FDE9), ref: 004077FB
                                                                                        • lstrlenW.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407802
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,0000FDE9), ref: 00407817
                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00000000,0000FDE9), ref: 0040782D
                                                                                        • lstrcpyW.KERNEL32(-00000002,00402A50,?,00000000,0000FDE9), ref: 0040783E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000,0000FDE9), ref: 00407847
                                                                                        • LocalFree.KERNEL32(00402A50,?,00000000,0000FDE9), ref: 00407851
                                                                                        Similarity
                                                                                        • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 829399097-0
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,00413454,?,?,?,00000000), ref: 00402BA8
                                                                                        • lstrcmpW.KERNEL32(?,00413450,?,0000005C,?,?,?,00000000), ref: 00402BFB
                                                                                        • lstrcmpW.KERNEL32(?,00413448,?,?,00000000), ref: 00402C11
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?,?,?,00000000), ref: 00402C27
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000000), ref: 00402C2E
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010,?,?,00000000), ref: 00402C40
                                                                                        • FindClose.KERNEL32(00000000,?,?,00000000), ref: 00402C4F
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 00402C5A
                                                                                        • RemoveDirectoryW.KERNEL32(?,?,?,00000000), ref: 00402C63
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 00402C6E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 00402C79
                                                                                        Similarity
                                                                                        • API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
                                                                                        • String ID:
                                                                                        • API String ID: 1862581289-0
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(uxtheme,?,00407F57,000004B1,00000000,?,?,?,?,?,0040803E), ref: 00406D65
                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00406D76
                                                                                        • GetWindow.USER32(?,00000005), ref: 00406D8F
                                                                                        • GetWindow.USER32(00000000,00000002), ref: 00406DA5
                                                                                        Similarity
                                                                                        • API ID: Window$AddressLibraryLoadProc
                                                                                        • String ID: SetWindowTheme$\EA$uxtheme
                                                                                        • API String ID: 324724604-1613512829
                                                                                        APIs
                                                                                        • GetDriveTypeW.KERNEL32(?,?,?), ref: 00404B46
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00404B77
                                                                                        • WriteFile.KERNEL32(004177C4,?,?,00406437,00000000,del ",:Repeat,00000000), ref: 00404C2C
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00404C37
                                                                                        • CloseHandle.KERNEL32(004177C4), ref: 00404C40
                                                                                        • SetFileAttributesW.KERNEL32(00406437,00000000), ref: 00404C57
                                                                                        • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00404C69
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00404C72
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00404C7E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00406437,?), ref: 00404C84
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00406437,?,?,?,?,?,?,?,?,?,?,?,?,?,00406437,004177C4), ref: 00404CB2
                                                                                        Similarity
                                                                                        • API ID: ??3@$File$AttributesCloseCreateDriveExecuteHandleShellTypeWrite
                                                                                        • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$del "$if exist "$open
                                                                                        • API String ID: 3007203151-3467708659
                                                                                        APIs
                                                                                        • lstrcmpiW.KERNEL32(00000000,0041442C,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004046DF
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32(00000000,00000020,?), ref: 00401FEC
                                                                                          • Part of subcall function 00401F9D: wsprintfW.USER32 ref: 00401FFD
                                                                                          • Part of subcall function 00401F9D: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402012
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32 ref: 00402017
                                                                                          • Part of subcall function 00401F9D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00402032
                                                                                          • Part of subcall function 00401F9D: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00402045
                                                                                          • Part of subcall function 00401F9D: GetLastError.KERNEL32 ref: 0040204C
                                                                                          • Part of subcall function 00401F9D: lstrcmpiW.KERNEL32(00000000,00000020), ref: 00402061
                                                                                          • Part of subcall function 00401F9D: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00402071
                                                                                          • Part of subcall function 00401F9D: SetLastError.KERNEL32(00000000), ref: 00402098
                                                                                          • Part of subcall function 00401F9D: lstrlenA.KERNEL32(00413FD0), ref: 004020CC
                                                                                          • Part of subcall function 00401F9D: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 004020E7
                                                                                          • Part of subcall function 00401F9D: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00402119
                                                                                        • _wtol.MSVCRT ref: 004047DC
                                                                                        • _wtol.MSVCRT ref: 004047F8
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$??2@EnvironmentVariable_wtollstrcmpi$??3@InfoLocalelstrlenwsprintf
                                                                                        • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$Progress$Title$WarningTitle$|wA
                                                                                        • API String ID: 2725485552-3187639848
                                                                                        APIs
                                                                                        • GetClassNameA.USER32(?,?,00000040), ref: 00402DD3
                                                                                        • lstrcmpiA.KERNEL32(?,STATIC), ref: 00402DE6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00402DF3
                                                                                          • Part of subcall function 00402D7D: GetWindowTextLengthW.USER32(?), ref: 00402D8E
                                                                                          • Part of subcall function 00402D7D: GetWindowTextW.USER32(00402E07,00000000,00000001), ref: 00402DAB
                                                                                          • Part of subcall function 00401A85: CharUpperW.USER32(?,7622E0B0,00000000,00000000,?,?,?,00403DBD,00000002), ref: 00401AC3
                                                                                          • Part of subcall function 00401A85: CharUpperW.USER32(?,?,?,?,00403DBD,00000002), ref: 00401ACF
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00402E20
                                                                                        • GetParent.USER32(?), ref: 00402E2E
                                                                                        • LoadLibraryA.KERNEL32(riched20), ref: 00402E42
                                                                                        • GetMenu.USER32(?), ref: 00402E55
                                                                                        • SetThreadLocale.KERNEL32(00000419), ref: 00402E62
                                                                                        • CreateWindowExW.USER32(00000000,RichEdit20W,0041335C,50000804,?,?,?,?,?,00000000,00000000,00000000), ref: 00402E92
                                                                                        • DestroyWindow.USER32(?), ref: 00402EA3
                                                                                        • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00402EB8
                                                                                        • GetSysColor.USER32(0000000F), ref: 00402EBC
                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00402ECA
                                                                                        • SendMessageW.USER32(00000000,00000461,?,?), ref: 00402EF5
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00402EFA
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00402F02
                                                                                         Memory Dump Source
                                                                                         • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                         Joe Sandbox IDA Plugin
                                                                                         • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$??3@MessageSend$CharTextUpper$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                                                                        • String ID: RichEdit20W$STATIC$riched20${\rtf
                                                                                        APIs
                                                                                        • GetWindowDC.USER32(00000000), ref: 00401CD4
                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00401CE0
                                                                                        • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401CF9
                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00401D28
                                                                                        • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401D33
                                                                                        • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401D3D
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00401D4B
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00401D52
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401D60
                                                                                        • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401D6E
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401D76
                                                                                        • SetStretchBltMode.GDI32(00000000,00000004), ref: 00401D7E
                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401D9D
                                                                                        • GetCurrentObject.GDI32(00000000,00000007), ref: 00401DA6
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401DB3
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401DB9
                                                                                        • DeleteDC.GDI32(00000000), ref: 00401DC2
                                                                                        • DeleteDC.GDI32(00000000), ref: 00401DC5
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00401DCC
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00401DDB
                                                                                        • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00401DE8
                                                                                        Similarity
                                                                                        • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                                                                        APIs
                                                                                        • GetClassNameA.USER32(?,?,00000040), ref: 00401E05
                                                                                        • lstrcmpiA.KERNEL32(?,STATIC), ref: 00401E1C
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00401E2F
                                                                                        • GetMenu.USER32(?), ref: 00401E44
                                                                                          • Part of subcall function 00401BDF: GetModuleHandleW.KERNEL32(00000000), ref: 00401BEA
                                                                                          • Part of subcall function 00401BDF: FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401C07
                                                                                          • Part of subcall function 00401BDF: FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401C1B
                                                                                          • Part of subcall function 00401BDF: SizeofResource.KERNEL32(00000000,00000000), ref: 00401C2C
                                                                                          • Part of subcall function 00401BDF: LoadResource.KERNEL32(00000000,00000000), ref: 00401C36
                                                                                          • Part of subcall function 00401BDF: LockResource.KERNEL32(00000000), ref: 00401C41
                                                                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 00401E76
                                                                                        • memcpy.MSVCRT(00000000,00000000,00000010), ref: 00401E83
                                                                                        • CoInitialize.OLE32(00000000), ref: 00401E8C
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 00401E98
                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00414C14,?), ref: 00401EBD
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00401ECD
                                                                                          • Part of subcall function 00401CC8: GetWindowDC.USER32(00000000), ref: 00401CD4
                                                                                          • Part of subcall function 00401CC8: GetDeviceCaps.GDI32(00000000,00000058), ref: 00401CE0
                                                                                          • Part of subcall function 00401CC8: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401CF9
                                                                                          • Part of subcall function 00401CC8: GetObjectW.GDI32(?,00000018,?), ref: 00401D28
                                                                                          • Part of subcall function 00401CC8: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401D33
                                                                                          • Part of subcall function 00401CC8: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401D3D
                                                                                          • Part of subcall function 00401CC8: CreateCompatibleDC.GDI32(?), ref: 00401D4B
                                                                                          • Part of subcall function 00401CC8: CreateCompatibleDC.GDI32(?), ref: 00401D52
                                                                                          • Part of subcall function 00401CC8: SelectObject.GDI32(00000000,?), ref: 00401D60
                                                                                          • Part of subcall function 00401CC8: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401D6E
                                                                                          • Part of subcall function 00401CC8: SelectObject.GDI32(00000000,00000000), ref: 00401D76
                                                                                          • Part of subcall function 00401CC8: SetStretchBltMode.GDI32(00000000,00000004), ref: 00401D7E
                                                                                          • Part of subcall function 00401CC8: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401D9D
                                                                                          • Part of subcall function 00401CC8: GetCurrentObject.GDI32(00000000,00000007), ref: 00401DA6
                                                                                          • Part of subcall function 00401CC8: SelectObject.GDI32(00000000,?), ref: 00401DB3
                                                                                          • Part of subcall function 00401CC8: SelectObject.GDI32(00000000,?), ref: 00401DB9
                                                                                          • Part of subcall function 00401CC8: DeleteDC.GDI32(00000000), ref: 00401DC2
                                                                                          • Part of subcall function 00401CC8: DeleteDC.GDI32(00000000), ref: 00401DC5
                                                                                          • Part of subcall function 00401CC8: ReleaseDC.USER32(00000000,?), ref: 00401DCC
                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00401EFF
                                                                                        • SetWindowPos.USER32(00000010,00000000,00000000,00000000,?,?,00000006), ref: 00401F13
                                                                                        • SendMessageW.USER32(00000010,00000172,00000000,?), ref: 00401F25
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00401F3A
                                                                                        Similarity
                                                                                        • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                                                                        • String ID: IMAGES$STATIC
                                                                                        APIs
                                                                                          • Part of subcall function 0040692C: GetDlgItem.USER32(?,?), ref: 00406939
                                                                                          • Part of subcall function 0040692C: ShowWindow.USER32(00000000,?), ref: 00406950
                                                                                        • GetDlgItem.USER32(?,000004B8), ref: 0040816A
                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00408179
                                                                                        • GetDlgItem.USER32(?,000004B5), ref: 004081C0
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 004081C5
                                                                                        • GetDlgItem.USER32(?,000004B5), ref: 004081D5
                                                                                        • SetWindowLongW.USER32(00000000), ref: 004081D8
                                                                                        • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 004081FE
                                                                                        • EnableMenuItem.USER32(00000000,0000F060,00000001), ref: 00408210
                                                                                        • GetDlgItem.USER32(?,000004B4), ref: 0040821A
                                                                                        • SetFocus.USER32(00000000), ref: 0040821D
                                                                                        • SetTimer.USER32(?,00000001,00000000,00000000), ref: 0040824C
                                                                                        • CoCreateInstance.OLE32(00414C34,00000000,00000001,00414808,00000000), ref: 00408277
                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00408294
                                                                                        • IsWindow.USER32(00000000), ref: 00408297
                                                                                        • GetDlgItem.USER32(?,00000002), ref: 004082A7
                                                                                        • EnableWindow.USER32(00000000), ref: 004082AA
                                                                                        • GetDlgItem.USER32(?,000004B5), ref: 004082BE
                                                                                        • ShowWindow.USER32(00000000), ref: 004082C1
                                                                                          • Part of subcall function 00407134: GetDlgItem.USER32(?,000004B6), ref: 00407142
                                                                                          • Part of subcall function 00407B33: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00407B6D
                                                                                          • Part of subcall function 00407B33: GetDlgItem.USER32(?,000004B8), ref: 00407B8B
                                                                                          • Part of subcall function 00407B33: SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 00407B9D
                                                                                          • Part of subcall function 00407B33: wsprintfW.USER32 ref: 00407BBB
                                                                                          • Part of subcall function 00407B33: ??3@YAXPAX@Z.MSVCRT(?), ref: 00407C53
                                                                                          • Part of subcall function 00407D06: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,0040803E), ref: 00407D30
                                                                                          • Part of subcall function 00407D06: LoadIconW.USER32(00000000), ref: 00407D33
                                                                                          • Part of subcall function 00407D06: GetSystemMetrics.USER32(00000032), ref: 00407D43
                                                                                          • Part of subcall function 00407D06: GetSystemMetrics.USER32(00000031), ref: 00407D48
                                                                                          • Part of subcall function 00407D06: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,0040803E), ref: 00407D51
                                                                                          • Part of subcall function 00407D06: LoadImageW.USER32(00000000), ref: 00407D54
                                                                                          • Part of subcall function 00407D06: SendMessageW.USER32(?,00000080,00000001,?), ref: 00407D79
                                                                                          • Part of subcall function 00407D06: SendMessageW.USER32(?,00000080,00000000,?), ref: 00407D89
                                                                                          • Part of subcall function 00407D06: GetWindow.USER32(?,00000005), ref: 00407E76
                                                                                          • Part of subcall function 00407D06: GetWindow.USER32(?,00000005), ref: 00407E92
                                                                                        Similarity
                                                                                        • API ID: Item$Window$MessageSend$System$EnableHandleLoadLongMenuMetricsModuleShow$??3@CreateFocusIconImageInstanceTimerUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,hAA,00000000), ref: 004030F6
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,hAA,00000000), ref: 004030FE
                                                                                        • strncmp.MSVCRT ref: 004031F1
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 00403255
                                                                                        • lstrcmpW.KERNEL32(?,SetEnvironment,00000000), ref: 00403273
                                                                                        • ??3@YAXPAX@Z.MSVCRT(0040414C,?), ref: 00403347
                                                                                        Similarity
                                                                                        • API ID: ??3@$lstrcmpstrncmp
                                                                                        • String ID: GUIFlags$MiscFlags$SetEnvironment$hAA${\rtf
                                                                                        • API String ID: 2881732429-172299233
                                                                                        • Opcode ID: 436b0b5fdcd0fc7850317bda0c1040a654aafe726af0558e82b6743448b11ef5
                                                                                        • Instruction ID: da55d09168dcf28f6e950782b6654b171f18f9ca5632fa18d2c46afc5d57570a
                                                                                        • Opcode Fuzzy Hash: 436b0b5fdcd0fc7850317bda0c1040a654aafe726af0558e82b6743448b11ef5
                                                                                        • Instruction Fuzzy Hash: 23819D31900218ABDF11DFA1CD55BEE7B78AF14305F1040ABE8017B2E6DB78AB05DB59
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,000004B3), ref: 00406A69
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00406A6E
                                                                                        • GetDlgItem.USER32(?,000004B4), ref: 00406AA5
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00406AAA
                                                                                        • GetSystemMetrics.USER32(00000010), ref: 00406B0B
                                                                                        • GetSystemMetrics.USER32(00000011), ref: 00406B11
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00406B18
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00406B1F
                                                                                        • GetParent.USER32(?), ref: 00406B43
                                                                                        • GetClientRect.USER32(00000000,?), ref: 00406B55
                                                                                        • ClientToScreen.USER32(?,?), ref: 00406B68
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00406BCE
                                                                                        • GetClientRect.USER32(?,?), ref: 00406C55
                                                                                        • ClientToScreen.USER32(?,?), ref: 00406B71
                                                                                          • Part of subcall function 0040690F: GetDlgItem.USER32(?,?), ref: 0040691B
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00406CD6
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00406CDD
                                                                                          • Part of subcall function 00406A18: GetDlgItem.USER32(?,?), ref: 00406A36
                                                                                          • Part of subcall function 00406A18: SetWindowPos.USER32(00000000), ref: 00406A3D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem$ClientItemWindow$LongRectScreen$Parent
                                                                                        • String ID:
                                                                                        • API String ID: 747815384-0
                                                                                        • Opcode ID: bdc5cc6ef77edd437f37f749138dc65a224d6988716d71e8386f1ae5cf91717f
                                                                                        • Instruction ID: 701d8c843d4ec3579feae24e97f284edc15b0bac0439a5efdbaa5111af673c9b
                                                                                        • Opcode Fuzzy Hash: bdc5cc6ef77edd437f37f749138dc65a224d6988716d71e8386f1ae5cf91717f
                                                                                        • Instruction Fuzzy Hash: 7B912D71A00209AFDB14DFB9CD85AEEB7F9EF48704F148529E642F6290D778E9008B64
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,0040803E), ref: 00407D30
                                                                                        • LoadIconW.USER32(00000000), ref: 00407D33
                                                                                        • GetSystemMetrics.USER32(00000032), ref: 00407D43
                                                                                        • GetSystemMetrics.USER32(00000031), ref: 00407D48
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,0040803E), ref: 00407D51
                                                                                        • LoadImageW.USER32(00000000), ref: 00407D54
                                                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 00407D79
                                                                                        • SendMessageW.USER32(?,00000080,00000000,?), ref: 00407D89
                                                                                        • GetWindow.USER32(?,00000005), ref: 00407E76
                                                                                        • GetWindow.USER32(?,00000005), ref: 00407E92
                                                                                        • GetWindow.USER32(?,00000005), ref: 00407EAA
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,000004B2,?,000004B7,?,?,?,?,?,0040803E), ref: 00407F0A
                                                                                        • LoadIconW.USER32(00000000), ref: 00407F0D
                                                                                        • GetDlgItem.USER32(?,000004B1), ref: 00407F28
                                                                                        • SendMessageW.USER32(00000000), ref: 00407F2F
                                                                                          • Part of subcall function 0040725A: GetDlgItem.USER32(?,?), ref: 00407264
                                                                                          • Part of subcall function 0040725A: GetWindowTextLengthW.USER32(00000000), ref: 0040726B
                                                                                          • Part of subcall function 0040692C: GetDlgItem.USER32(?,?), ref: 00406939
                                                                                          • Part of subcall function 0040692C: ShowWindow.USER32(00000000,?), ref: 00406950
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$HandleItemLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
                                                                                        • String ID:
                                                                                        • API String ID: 1889686859-0
                                                                                        • Opcode ID: db9dc12c40266ba28352090c91f8535442cf433b61bc57d004062dfa9524bb35
                                                                                        • Instruction ID: b6a50195b8a608de49edc5b96f3e83ee8a9b90890169e94b1220211b89b9884f
                                                                                        • Opcode Fuzzy Hash: db9dc12c40266ba28352090c91f8535442cf433b61bc57d004062dfa9524bb35
                                                                                        • Instruction Fuzzy Hash: E861D47064C7096AE9257B61DC4AF3B3699AB40B05F10447FF642B92D2DBBCBC0056AF
                                                                                        APIs
                                                                                        • GetParent.USER32(?), ref: 00406F45
                                                                                        • GetWindowLongW.USER32(00000000), ref: 00406F4C
                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00406F62
                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 00406F7F
                                                                                        • GetSystemMetrics.USER32(00000031), ref: 00406F91
                                                                                        • GetSystemMetrics.USER32(00000032), ref: 00406F98
                                                                                        • GetWindowDC.USER32(?), ref: 00406FAA
                                                                                        • GetWindowRect.USER32(?,?), ref: 00406FB7
                                                                                        • DrawIconEx.USER32(00000000,?,?,?,?,?,00000000,00000000,00000003), ref: 00406FEB
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00406FF3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
                                                                                        • String ID:
                                                                                        • API String ID: 2586545124-0
                                                                                        • Opcode ID: 25d202db14ae47cc7765131eef640a3ba3c2163a3dcc7105130798770ded3a1b
                                                                                        • Instruction ID: b1ff7c23223d170b9333fa97acec74f2c9230ee3eabfe87d0be763292bfdf634
                                                                                        • Opcode Fuzzy Hash: 25d202db14ae47cc7765131eef640a3ba3c2163a3dcc7105130798770ded3a1b
                                                                                        • Instruction Fuzzy Hash: 8E210C7650021ABFCF01AFA8DD48DDF7F69FB08351F008565FA15E21A0C775EA209B64
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,000004B3), ref: 0040678E
                                                                                        • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004067A1
                                                                                        • GetDlgItem.USER32(?,000004B4), ref: 004067AB
                                                                                        • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004067B3
                                                                                        • SendMessageW.USER32(?,00000401,?,00000000), ref: 004067C3
                                                                                        • GetDlgItem.USER32(?,?), ref: 004067CC
                                                                                        • SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004067D4
                                                                                        • GetDlgItem.USER32(?,?), ref: 004067DD
                                                                                        • SetFocus.USER32(00000000,?,000004B4,76230E50,00407E06,000004B4,000004B3,00000000,000004B4,00000000,000004B2,?,000004B7), ref: 004067E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemMessageSend$Focus
                                                                                        • String ID:
                                                                                        • API String ID: 3946207451-0
                                                                                        • Opcode ID: ad16f172208785dca513fa64c118104ef693669a3ac6e088fd96c23032a45483
                                                                                        • Instruction ID: e7a8c5b21de344c7c4c5496bf688f1d5cc3ba414acf11b32f4788b893cc62525
                                                                                        • Opcode Fuzzy Hash: ad16f172208785dca513fa64c118104ef693669a3ac6e088fd96c23032a45483
                                                                                        • Instruction Fuzzy Hash: 6FF04F712403087BEA212B61DD86F5BBA6EEF81B45F018425F340650F0CBF7EC109A28
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,00000000), ref: 0040C603
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@
                                                                                        • String ID: IA$IA$IA$IA$IA$IA
                                                                                        • API String ID: 613200358-3743982587
                                                                                        • Opcode ID: 6e54149e8c3d77333b16b378dc95c38791a09178c73359331ff936fd258cd747
                                                                                        • Instruction ID: 4cebfcab61734def35128a955d6a3e34031d8899c11ca8f9bd2aeb72941b6852
                                                                                        • Opcode Fuzzy Hash: 6e54149e8c3d77333b16b378dc95c38791a09178c73359331ff936fd258cd747
                                                                                        • Instruction Fuzzy Hash: D2221671900248DFCB24EF65C8D09EEBBB5FF48304F50852EE91AA7291DB38A945CF58
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000011,00000000,00000000,00417788,00000000,SetEnvironment), ref: 00408479
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@
                                                                                        • String ID: BeginPrompt$ErrorTitle$FinishMessage$HelpText$SetEnvironment$WarningTitle
                                                                                        • API String ID: 613200358-994561823
                                                                                        • Opcode ID: 5f83c807fa74e6fab6192d07fae9e82a6eb4dc7efc93d0a5bcc912a359099f96
                                                                                        • Instruction ID: 5566f9f9667118f06bc812855c9affabb63102f3a10b3971892d5eca1131561f
                                                                                        • Opcode Fuzzy Hash: 5f83c807fa74e6fab6192d07fae9e82a6eb4dc7efc93d0a5bcc912a359099f96
                                                                                        • Instruction Fuzzy Hash: CA51D47080420AAACF24AB559E85AFB7774EB20348F54443FF881722E1EF7D5D82D64E
                                                                                        APIs
                                                                                        • memcpy.MSVCRT(?,00417410,00000160), ref: 00406DD1
                                                                                        • SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 00406DF0
                                                                                        • GetDC.USER32(00000000), ref: 00406DFB
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00406E07
                                                                                        • MulDiv.KERNEL32(?,00000048,00000000), ref: 00406E16
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00406E24
                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00406E4C
                                                                                        • DialogBoxIndirectParamW.USER32(00000000,?,?,Function_0000667A), ref: 00406E81
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystemmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 2693764856-0
                                                                                        • Opcode ID: e70a94c77e8458ae7b0f85d98e5dff18e09bef3a98047e8bed90a0db42bf0d7e
                                                                                        • Instruction ID: b2c1943609947f3a034a1f42a4fd453b3666a2b5c4d4ccfd9a1c2059c5c1cb6f
                                                                                        • Opcode Fuzzy Hash: e70a94c77e8458ae7b0f85d98e5dff18e09bef3a98047e8bed90a0db42bf0d7e
                                                                                        • Instruction Fuzzy Hash: C32184B5500218BFDB215F61DC45EEB7B7CFB08746F0040B6F609A1190D7748E948B65
                                                                                        APIs
                                                                                        • GetDC.USER32(?), ref: 0040696E
                                                                                        • GetSystemMetrics.USER32(0000000B), ref: 0040698A
                                                                                        • GetSystemMetrics.USER32(0000003D), ref: 00406993
                                                                                        • GetSystemMetrics.USER32(0000003E), ref: 0040699B
                                                                                        • SelectObject.GDI32(?,?), ref: 004069B8
                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 004069D3
                                                                                        • SelectObject.GDI32(?,?), ref: 004069F9
                                                                                        • ReleaseDC.USER32(?,?), ref: 00406A08
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
                                                                                        • String ID:
                                                                                        • API String ID: 2466489532-0
                                                                                        • Opcode ID: 3371c90df87af61a96ab0a4f5adfc31794890a389d4733c3cd0e84d47817aa4d
                                                                                        • Instruction ID: 7c755332e1b278278a0584394201b19561512224090c74d51841a9ad660c27ee
                                                                                        • Opcode Fuzzy Hash: 3371c90df87af61a96ab0a4f5adfc31794890a389d4733c3cd0e84d47817aa4d
                                                                                        • Instruction Fuzzy Hash: 6B216871900209EFCB119F65DD84A8EBFF4EF08321F10C46AE559A72A0C7359A50DF40
                                                                                        APIs
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00407B6D
                                                                                        • GetDlgItem.USER32(?,000004B8), ref: 00407B8B
                                                                                        • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 00407B9D
                                                                                        • wsprintfW.USER32 ref: 00407BBB
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00407C53
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@ItemMessageSendUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                                                                        • String ID: %d%%
                                                                                        • API String ID: 3753976982-1518462796
                                                                                        • Opcode ID: 0b792d7adb6174ba2d50e5ca9cf87896ffea0db59519718aa7dbff65f529ef39
                                                                                        • Instruction ID: b955b8041d8a67620c3180d4911c799512bd6939d195f5b55c3092177650065a
                                                                                        • Opcode Fuzzy Hash: 0b792d7adb6174ba2d50e5ca9cf87896ffea0db59519718aa7dbff65f529ef39
                                                                                        • Instruction Fuzzy Hash: 1D31D371904208BBDB11AFA0CC45EDA7BB9EF48708F10847AFA42B61E1D779B904CB59
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(hAA,00000020,?,?,00405838,?,?,?,00000000,?), ref: 004040A4
                                                                                          • Part of subcall function 00401A85: CharUpperW.USER32(?,7622E0B0,00000000,00000000,?,?,?,00403DBD,00000002), ref: 00401AC3
                                                                                          • Part of subcall function 00401A85: CharUpperW.USER32(?,?,?,?,00403DBD,00000002), ref: 00401ACF
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00404156
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 0040415E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 0040416D
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00404175
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@$CharUpper$lstrlen
                                                                                        • String ID: hAA
                                                                                        • API String ID: 2587799592-1362906312
                                                                                        • Opcode ID: f1afb06a12cfea52e195ddd9e8ddb158cdff932f9735d488ba252034b153affa
                                                                                        • Instruction ID: 7f7e13310b21401de90169bcc26cd057e2afddf23eedd5de54135d69024cf91c
                                                                                        • Opcode Fuzzy Hash: f1afb06a12cfea52e195ddd9e8ddb158cdff932f9735d488ba252034b153affa
                                                                                        • Instruction Fuzzy Hash: D7212772D40215AACF20ABA4CC46AEB77B9DF90354F10407BEB41BB2E1E7789D848658
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000001,00000000,00000000,00000001,?,00000000), ref: 00404D3E
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,004054CC,?,;!@InstallEnd@!,004054CC,;!@Install@!UTF-8!,00417400,00000000,00000001,?,00000000), ref: 00404DA0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,004054CC,?,;!@InstallEnd@!,004054CC,;!@Install@!UTF-8!,00417400,00000000,00000001,?,00000000), ref: 00404DB8
                                                                                          • Part of subcall function 00403354: lstrlenW.KERNEL32(00404AC6,?,?,00000000,?,?,?,?,00404AC6,?), ref: 00403361
                                                                                          • Part of subcall function 00403354: GetSystemTimeAsFileTime.KERNEL32(?,00404AC6,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?), ref: 004033D7
                                                                                          • Part of subcall function 00403354: GetFileAttributesW.KERNELBASE(?,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?,00000000), ref: 004033DE
                                                                                          • Part of subcall function 00403354: ??3@YAXPAX@Z.MSVCRT(?,00404AC6,?,?,?,?,00404AC6,?,?,?,?,?,?,?,?,?), ref: 0040349D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@$FileTime$AttributesSystemlstrlen
                                                                                        • String ID: 03A$;!@Install@!UTF-8!$;!@InstallEnd@!
                                                                                        • API String ID: 4038993085-2279431206
                                                                                        • Opcode ID: 1e5f1ef11ab3d9e84330ff60a8d60345b5fdf25d940142a54a900a3d947b53ea
                                                                                        • Instruction ID: 637b7b13a9bcd1d52ea1019587bfa2fb4435f6835f564ae220b3123002230846
                                                                                        • Opcode Fuzzy Hash: 1e5f1ef11ab3d9e84330ff60a8d60345b5fdf25d940142a54a900a3d947b53ea
                                                                                        • Instruction Fuzzy Hash: CE312D71D0021EEACF05EF92CD429EEBBB4BF44318F10042BE911762E1DB785649DB98
                                                                                        APIs
                                                                                        • EndDialog.USER32(?,00000000), ref: 00407579
                                                                                        • KillTimer.USER32(?,00000001), ref: 0040758A
                                                                                        • SetTimer.USER32(?,00000001,00000000,00000000), ref: 004075B4
                                                                                        • SuspendThread.KERNEL32(00000290), ref: 004075CD
                                                                                        • ResumeThread.KERNEL32(00000290), ref: 004075EA
                                                                                        • EndDialog.USER32(?,00000000), ref: 0040760C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: DialogThreadTimer$KillResumeSuspend
                                                                                        • String ID:
                                                                                        • API String ID: 4151135813-0
                                                                                        • Opcode ID: fa37b7d0569be928e5d0aecc9653dabfd5de706af621d680b5378aa8e85f3b57
                                                                                        • Instruction ID: ebb94c5c4675b2e6542c2b2cb7d5652cccd5624f9a00d71f737e39ca63bd9789
                                                                                        • Opcode Fuzzy Hash: fa37b7d0569be928e5d0aecc9653dabfd5de706af621d680b5378aa8e85f3b57
                                                                                        • Instruction Fuzzy Hash: 9811BF70A08618BBD7212F15EE849E77BBDFB00756B00843AF523A05A0CB39BD00DA1D
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(004177C4,004177C4,004177C4,00000000,00000025,;!@InstallEnd@!,;!@Install@!UTF-8!,00000000,00000000), ref: 00404E85
                                                                                          • Part of subcall function 00404343: ??3@YAXPAX@Z.MSVCRT(?,?,?,004177C4,004177C4,?,;!@InstallEnd@!,;!@Install@!UTF-8!,00000000,00000000), ref: 004043B6
                                                                                        • ??3@YAXPAX@Z.MSVCRT(004177C4,004177C4,004177C4,00000000,00000025,004177C4,004177C4,00000000,00000025,;!@InstallEnd@!,;!@Install@!UTF-8!,00000000,00000000), ref: 00404EAB
                                                                                        • wsprintfA.USER32 ref: 00404EBC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@$wsprintf
                                                                                        • String ID: :Language:%u!$;!@Install@!UTF-8!$;!@InstallEnd@!
                                                                                        • API String ID: 2704270482-1550708412
                                                                                        • Opcode ID: b3a647dc230e6375ba5304378dede3f86871d19815b7720c308d82744c7d9f3d
                                                                                        • Instruction ID: afe26c372a183c0ca4a1b7edc16cb7be903c3e4040aad79e05e22cec791dc9d0
                                                                                        • Opcode Fuzzy Hash: b3a647dc230e6375ba5304378dede3f86871d19815b7720c308d82744c7d9f3d
                                                                                        • Instruction Fuzzy Hash: D8115E71B00018BBCF00FB95CC42EFE77ADAB84705B10402EBA15E3182DB78AB028799
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00417788,00417788,00000000,%%T\,0041350C,00000000,00417788,00407405,?,00000000,00000000,00000000), ref: 004038C6
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00417788,00417788,00000000,%%T/,004134FC,00000000,00417788,00000000,%%T\,0041350C,00000000,00417788,00407405,?,00000000,00000000), ref: 00403904
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00417788,00417788,00000000,00417788,00417788,00000000,%%T/,004134FC,00000000,00417788,00000000,%%T\,0041350C,00000000,00417788,00407405), ref: 0040392A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00417788,00417788,00000000,00417788,00417788,00000000,%%T/,004134FC,00000000,00417788,00000000,%%T\,0041350C,00000000,00417788), ref: 00403932
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@
                                                                                        • String ID: %%T/$%%T\
                                                                                        • API String ID: 613200358-2679640699
                                                                                        • Opcode ID: 9eec194740abc4bee078c15c8dc217b66edb47652cee4dab90ed516c3b80c8f9
                                                                                        • Instruction ID: 53c9ca64f2466311d4136dbbff57d229d1af9e29f5fa76e56e45344ae10c91f3
                                                                                        • Opcode Fuzzy Hash: 9eec194740abc4bee078c15c8dc217b66edb47652cee4dab90ed516c3b80c8f9
                                                                                        • Instruction Fuzzy Hash: 5011DD3190410EBACF05FFA1D857CEDBB79AE00708F50806AB511760E1EF79A785DB98
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,%%S\,0041350C,00000000,00414784,00407405,?,00000000,00000000,00000000), ref: 00403981
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,%%S/,004134FC,00000000,00414784,00000000,%%S\,0041350C,00000000,00414784,00407405,?,00000000,00000000), ref: 004039BF
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,00414784,00414784,00000000,%%S/,004134FC,00000000,00414784,00000000,%%S\,0041350C,00000000,00414784,00407405), ref: 004039E5
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00414784,00414784,00000000,00414784,00414784,00000000,%%S/,004134FC,00000000,00414784,00000000,%%S\,0041350C,00000000,00414784), ref: 004039ED
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@
                                                                                        • String ID: %%S/$%%S\
                                                                                        • API String ID: 613200358-358529586
                                                                                        • Opcode ID: c94d4b60668bfb9eedf3143ce332dc4c41685f87d495a97f985edcc2faf71bca
                                                                                        • Instruction ID: c240205f9e12946546b7747d8fd44f392230bc1153c6614d6b8016afa5fd7689
                                                                                        • Opcode Fuzzy Hash: c94d4b60668bfb9eedf3143ce332dc4c41685f87d495a97f985edcc2faf71bca
                                                                                        • Instruction Fuzzy Hash: 1D11AD3190410EBACF05FFA1D856CEDBB79AE00708F51806AB511760E1EF78A789DB98
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,%%M\,0041350C,00000000,00414784,00407405,?,00000000,00000000,00000000), ref: 00403A3C
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,%%M/,004134FC,00000000,00414784,00000000,%%M\,0041350C,00000000,00414784,00407405,?,00000000,00000000), ref: 00403A7A
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00414784,00414784,00000000,00414784,00414784,00000000,%%M/,004134FC,00000000,00414784,00000000,%%M\,0041350C,00000000,00414784,00407405), ref: 00403AA0
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00414784,00414784,00000000,00414784,00414784,00000000,%%M/,004134FC,00000000,00414784,00000000,%%M\,0041350C,00000000,00414784), ref: 00403AA8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??3@
                                                                                        • String ID: %%M/$%%M\
                                                                                        • API String ID: 613200358-4143866494
                                                                                        • Opcode ID: 3eb134fca1680c0093703720a533bafa1d2fd801437f3d80c27f205d784cf8f2
                                                                                        • Instruction ID: 5f6947e2f47a7d655e02fb84317d9747a35bc7200d49f7273ebe403b31479b31
                                                                                        • Opcode Fuzzy Hash: 3eb134fca1680c0093703720a533bafa1d2fd801437f3d80c27f205d784cf8f2
                                                                                        • Instruction Fuzzy Hash: C911AD3190410EBACF05FFA1D956CEDBB79AE00708F51806AB511760E1EF78A789DB58
                                                                                        APIs
                                                                                        • _CxxThrowException.MSVCRT(00000000,00414CFC), ref: 0040E4EE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionThrow
                                                                                        • String ID: $JA$4JA$DJA$TJA$hJA$xJA
                                                                                        • API String ID: 432778473-803145960
                                                                                        • Opcode ID: 8cab838d89dd1577677f775eaf8cb930bb6d64206a7fe5cceb0cff601651d84b
                                                                                        • Instruction ID: 5492ea6659e041f1bcf420c4685f7038b08242b420f8f2c51a6428b2159ddc92
                                                                                        • Opcode Fuzzy Hash: 8cab838d89dd1577677f775eaf8cb930bb6d64206a7fe5cceb0cff601651d84b
                                                                                        • Instruction Fuzzy Hash: 7211A5F0541B419BC7308F16E544587FBF8AF907587218A1FD0AA9BA51D3F8A1888B9C
                                                                                        APIs
                                                                                          • Part of subcall function 0040BA46: ??2@YAPAXI@Z.MSVCRT(0000000C,?,0040C20C,004149B0,00000001,?,?,00000000), ref: 0040BA4B
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,004149B0,00000001,?,?,00000000), ref: 0040C20D
                                                                                          • Part of subcall function 0040ADC3: ??2@YAPAXI@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040ADD6
                                                                                          • Part of subcall function 0040ADC3: memmove.MSVCRT(00000000,?,?,?,?,?,0040B1B6,00010000), ref: 0040ADF0
                                                                                          • Part of subcall function 0040ADC3: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0040B1B6,00010000), ref: 0040AE00
                                                                                        • ??2@YAPAXI@Z.MSVCRT(00000014,00000000,004149B0,00000001,?,?,00000000), ref: 0040C245
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@$??3@$memmove
                                                                                        • String ID: IA$IA$IA
                                                                                        • API String ID: 4294387087-924693538
                                                                                        • Opcode ID: 004b789bf8df87403c6a9785ce8ce1b6a581a8391400727a6ef04904af0d850c
                                                                                        • Instruction ID: 38d37476858cbe2739f158cf8086d9562841ccd83740beefedbf55b6536d6dac
                                                                                        • Opcode Fuzzy Hash: 004b789bf8df87403c6a9785ce8ce1b6a581a8391400727a6ef04904af0d850c
                                                                                        • Instruction Fuzzy Hash: 20B1C1B1900209DFCB54EFAAC8819DEBBB5BF48304F50852EF919A7291DB38A945CF54
                                                                                        APIs
                                                                                        • _CxxThrowException.MSVCRT(00100EC3,00414CFC), ref: 0040E83C
                                                                                        • ??2@YAPAXI@Z.MSVCRT(?,IA,IA,00000000,?,0040E909,00000000,00408769,IA,00402F92,00000000,00000000,004044E9,?,?,?), ref: 0040E864
                                                                                        • memcpy.MSVCRT(00000000,?,?,IA,IA,00000000,?,0040E909,00000000,00408769,IA,00402F92,00000000,00000000,004044E9,?), ref: 0040E88D
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,IA,IA,00000000,?,0040E909,00000000,00408769,IA,00402F92,00000000,00000000,004044E9,?,?,?), ref: 0040E898
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ??2@??3@ExceptionThrowmemcpy
                                                                                        • String ID: IA
                                                                                        • API String ID: 3462485524-3293647318
                                                                                        • Opcode ID: 093f151d1f39f6a152e82ad647d2b2351f9aa78916fa75e1f2116d6dfd6fb346
                                                                                        • Instruction ID: e9362666a157510f6fc1816af10740f0f0ab3f4ff6eb75305f8b2a096945a613
                                                                                        • Opcode Fuzzy Hash: 093f151d1f39f6a152e82ad647d2b2351f9aa78916fa75e1f2116d6dfd6fb346
                                                                                        • Instruction Fuzzy Hash: 6811E5736003009BCB28AF57D880D6BFBE9AB84354714C83FEA59A7290D779E8954794
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: wsprintf$ExitProcesslstrcat
                                                                                        • String ID: 0x%p
                                                                                        • API String ID: 2530384128-1745605757
                                                                                        • Opcode ID: b249aacb09f47677336a249b8d18a2638e0221cc442200049396670476c8e20b
                                                                                        • Instruction ID: 6c9eba3c29ae2a0cc7ccd16f79f39b6d6218d418ab2b897ff95ca6c62132cda7
                                                                                        • Opcode Fuzzy Hash: b249aacb09f47677336a249b8d18a2638e0221cc442200049396670476c8e20b
                                                                                        • Instruction Fuzzy Hash: CF019E7580020CAFDB20AFA0DC45FDA777CBF44305F04486AF945A2081D738F6948FAA
                                                                                        APIs
                                                                                          • Part of subcall function 004071B8: GetSystemMetrics.USER32(0000000B), ref: 004071E0
                                                                                          • Part of subcall function 004071B8: GetSystemMetrics.USER32(0000000C), ref: 004071E9
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00407A51
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00407A62
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,000004B8,?,?), ref: 00407B29
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem$??3@
                                                                                        • String ID: 100%%
                                                                                        • API String ID: 2562992111-568723177
                                                                                        • Opcode ID: 8625fd62ee8a1587f51b59dec5492359d41c9a7e7955315cbfbb4a3169dab2fe
                                                                                        • Instruction ID: d2e8aa6d75c6757367bbc63d1236441fd7733528c0e5853e38aed7656a5d7d9b
                                                                                        • Opcode Fuzzy Hash: 8625fd62ee8a1587f51b59dec5492359d41c9a7e7955315cbfbb4a3169dab2fe
                                                                                        • Instruction Fuzzy Hash: 0D31D771A047059FCB24DFA9C9419AEB7F4EF40308B00012EE542A26E1DB78FE44CF99
                                                                                        APIs
                                                                                        • wsprintfW.USER32 ref: 00407A12
                                                                                          • Part of subcall function 0040725A: GetDlgItem.USER32(?,?), ref: 00407264
                                                                                          • Part of subcall function 0040725A: GetWindowTextLengthW.USER32(00000000), ref: 0040726B
                                                                                        • GetDlgItem.USER32(?,000004B3), ref: 004079C6
                                                                                          • Part of subcall function 00402D7D: GetWindowTextLengthW.USER32(?), ref: 00402D8E
                                                                                          • Part of subcall function 00402D7D: GetWindowTextW.USER32(00402E07,00000000,00000001), ref: 00402DAB
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 004079E4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow$ItemLength$??3@wsprintf
                                                                                        • String ID: (%u%s)
                                                                                        • API String ID: 3595513934-2496177969
                                                                                        • Opcode ID: 9f4d95ba82458682287a4878169768208148f14d50270f84781967351a99b3ca
                                                                                        • Instruction ID: 1b031bef2a273fddd3247fbc9e57f9590cc69a100d620b238320e5a3a24b3f72
                                                                                        • Opcode Fuzzy Hash: 9f4d95ba82458682287a4878169768208148f14d50270f84781967351a99b3ca
                                                                                        • Instruction Fuzzy Hash: 1401C8B15042147FDB107B65DC46EAF777CAF44708F10807FF516A21E2DB7CA9448A68
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,0000003C,?,?,?,?,?,?,00406130,?,00000000,?,?,?), ref: 0040220A
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00402211
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetNativeSystemInfo$kernel32
                                                                                        • API String ID: 2574300362-3846845290
                                                                                        • Opcode ID: dcc7844bde5d914e3d472255d944d602bbefc6ee0fc65a521985863f2fff9548
                                                                                        • Instruction ID: b757a3d5c4c17e34abb063926c294d8abaed4bc4edbc3347b9308a3de004b423
                                                                                        • Opcode Fuzzy Hash: dcc7844bde5d914e3d472255d944d602bbefc6ee0fc65a521985863f2fff9548
                                                                                        • Instruction Fuzzy Hash: 88F0B432E1521495CF20BBF48B0D6EF66E89A19349B1004BBD852F31D0E5FCCE8141EE
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,004061B1,?,?,?), ref: 00402198
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 0040219F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32
                                                                                        • API String ID: 2574300362-3900151262
                                                                                        • Opcode ID: e5c6d40c89fc1f3fb34c79c32c3445fbc861d0d884c7149ba98d4f5b826d618a
                                                                                        • Instruction ID: b94e249185ae4a70534d65e1a66e6cdcdba3a47a1e4784fabdbc91f5644b18b3
                                                                                        • Opcode Fuzzy Hash: e5c6d40c89fc1f3fb34c79c32c3445fbc861d0d884c7149ba98d4f5b826d618a
                                                                                        • Instruction Fuzzy Hash: AFD0C934294201DBDB125FA0EE0E7EA3AB9FB04B0BF458035A920A00F0CBBC9644CA5C
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,0040223A), ref: 004021CA
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 004021D1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                                        • API String ID: 2574300362-736604160
                                                                                        APIs
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?,00000000), ref: 00402B6F
                                                                                          • Part of subcall function 0040272E: MultiByteToWideChar.KERNEL32(00000020,00000000,00000024,?,00000000,?,?,00000020,00000024,00000000,00402ACD,?,?,00000000,00000000,00000000), ref: 00402760
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?,00000000), ref: 00402ADC
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C,?), ref: 00402AF7
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,00000020,?,?,?,?,?,?,?,?,0040507C), ref: 00402AFF
                                                                                        Similarity
                                                                                        • API ID: ??3@$ByteCharMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 1731127917-0
                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(00000001,00000000,00000002,00000000,00406437,00000000,?,?,00404B63,?,7ZSfx%03x.cmd), ref: 00403FA8
                                                                                        • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,?,00404B63,?,7ZSfx%03x.cmd), ref: 00403FC5
                                                                                        • wsprintfW.USER32 ref: 00403FFB
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00404016
                                                                                        Similarity
                                                                                        • API ID: PathTemp$AttributesFilewsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1746483863-0
                                                                                        APIs
                                                                                        • CharUpperW.USER32(?,7622E0B0,00000000,00000000,?,?,?,00403DBD,00000002), ref: 00401AC3
                                                                                        • CharUpperW.USER32(?,?,?,?,00403DBD,00000002), ref: 00401ACF
                                                                                        • CharUpperW.USER32(?,?,?,?,00403DBD,00000002), ref: 00401B03
                                                                                        • CharUpperW.USER32(?,?,?,?,00403DBD,00000002), ref: 00401B13
                                                                                        Similarity
                                                                                        • API ID: CharUpper
                                                                                        • String ID:
                                                                                        • API String ID: 9403516-0
                                                                                        APIs
                                                                                          • Part of subcall function 0040690F: GetDlgItem.USER32(?,?), ref: 0040691B
                                                                                          • Part of subcall function 0040692C: GetDlgItem.USER32(?,?), ref: 00406939
                                                                                          • Part of subcall function 0040692C: ShowWindow.USER32(00000000,?), ref: 00406950
                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00407FED
                                                                                        • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000103), ref: 0040800D
                                                                                        • GetDlgItem.USER32(?,000004B7), ref: 00408020
                                                                                        • SetWindowLongW.USER32(00000000,000000FC,Function_00006F37), ref: 0040802E
                                                                                          • Part of subcall function 00407D06: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,0040803E), ref: 00407D30
                                                                                          • Part of subcall function 00407D06: LoadIconW.USER32(00000000), ref: 00407D33
                                                                                          • Part of subcall function 00407D06: GetSystemMetrics.USER32(00000032), ref: 00407D43
                                                                                          • Part of subcall function 00407D06: GetSystemMetrics.USER32(00000031), ref: 00407D48
                                                                                          • Part of subcall function 00407D06: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,0040803E), ref: 00407D51
                                                                                          • Part of subcall function 00407D06: LoadImageW.USER32(00000000), ref: 00407D54
                                                                                          • Part of subcall function 00407D06: SendMessageW.USER32(?,00000080,00000001,?), ref: 00407D79
                                                                                          • Part of subcall function 00407D06: SendMessageW.USER32(?,00000080,00000000,?), ref: 00407D89
                                                                                          • Part of subcall function 00407D06: GetWindow.USER32(?,00000005), ref: 00407E76
                                                                                          • Part of subcall function 00407D06: GetWindow.USER32(?,00000005), ref: 00407E92
                                                                                          • Part of subcall function 004072DD: GetDlgItem.USER32(?,000004B6), ref: 004072EA
                                                                                          • Part of subcall function 004072DD: SetFocus.USER32(00000000,?,?,004073B2,000004B6,?), ref: 004072F1
                                                                                        Similarity
                                                                                        • API ID: ItemWindow$System$HandleLoadMessageMetricsModuleSend$DirectoryFileFocusIconImageInfoLongShow
                                                                                        • String ID:
                                                                                        • API String ID: 2538916108-0
                                                                                        APIs
                                                                                        • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 00406814
                                                                                        • GetSystemMetrics.USER32(00000031), ref: 0040683A
                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00406849
                                                                                        • DeleteObject.GDI32(00000000), ref: 00406878
                                                                                        Similarity
                                                                                        • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                                                                        • String ID:
                                                                                        • API String ID: 1900162674-0
                                                                                        APIs
                                                                                        • memset.MSVCRT ref: 0040749F
                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 004074B8
                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 004074D4
                                                                                        • SHGetMalloc.SHELL32(00000000), ref: 004074FE
                                                                                          • Part of subcall function 004072DD: GetDlgItem.USER32(?,000004B6), ref: 004072EA
                                                                                          • Part of subcall function 004072DD: SetFocus.USER32(00000000,?,?,004073B2,000004B6,?), ref: 004072F1
                                                                                        Similarity
                                                                                        • API ID: BrowseFocusFolderFromItemListMallocPathmemset
                                                                                        • String ID:
                                                                                        • API String ID: 1557639607-0
                                                                                        APIs
                                                                                        • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,00000000), ref: 004027F8
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000000,00000000), ref: 00402801
                                                                                          • Part of subcall function 0040112B: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 0040114B
                                                                                          • Part of subcall function 0040112B: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00401425,00000003,?,0040502D,?,?,00000000), ref: 00401171
                                                                                        • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000,?,00000000,00000000,00000000), ref: 00402819
                                                                                        • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000,00000000,00000000), ref: 00402839
                                                                                        Similarity
                                                                                        • API ID: ??3@$EnvironmentExpandStrings$??2@
                                                                                        • String ID:
                                                                                        • API String ID: 612612615-0
                                                                                        APIs
                                                                                          • Part of subcall function 00402D7D: GetWindowTextLengthW.USER32(?), ref: 00402D8E
                                                                                          • Part of subcall function 00402D7D: GetWindowTextW.USER32(00402E07,00000000,00000001), ref: 00402DAB
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,00413550,00413558), ref: 00403AFD
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00413550,00413558), ref: 00403B05
                                                                                        • SetWindowTextW.USER32(?,?), ref: 00403B12
                                                                                        • ??3@YAXPAX@Z.MSVCRT(?), ref: 00403B1D
                                                                                        Similarity
                                                                                        • API ID: ??3@TextWindow$Length
                                                                                        • String ID:
                                                                                        • API String ID: 2308334395-0
                                                                                        • Opcode ID: 8119ca7b33955cbac21e87e4fe12ba773d40effc5d925a3b7e480b00d6a2293b
                                                                                        • Instruction ID: 2cc122b1f520d7f8021a056a959bf32eecafdcf33a956e59961b1277582e5a57
                                                                                        • Opcode Fuzzy Hash: 8119ca7b33955cbac21e87e4fe12ba773d40effc5d925a3b7e480b00d6a2293b
                                                                                        • Instruction Fuzzy Hash: 2EF0FF32D0410DBACF01FBA5DD46CDE7B79EF04705B10406BF501720A1EA79AB559B98
                                                                                        APIs
                                                                                        • GetObjectW.GDI32(?,0000005C,?), ref: 00407045
                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0040705B
                                                                                        • GetDlgItem.USER32(?,000004B5), ref: 0040706F
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 0040707B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFontIndirectItemMessageObjectSend
                                                                                        • String ID:
                                                                                        • API String ID: 2001801573-0
                                                                                        • Opcode ID: 78def116b4819d627590729c5baad135a5410a8d7e74f17ad4cec64f2c4de15c
                                                                                        • Instruction ID: 5c236ef126686a3da9008926c30106754acf3bfa0ff8e01310dffb34f405da6a
                                                                                        • Opcode Fuzzy Hash: 78def116b4819d627590729c5baad135a5410a8d7e74f17ad4cec64f2c4de15c
                                                                                        • Instruction Fuzzy Hash: 35F05475900704ABDB209BA4DC09F8B7BFCAB48B01F048139BD51E11D4D7B4E5018B19
                                                                                        APIs
                                                                                        • GetParent.USER32(?), ref: 00401BA8
                                                                                        • GetWindowRect.USER32(?,?), ref: 00401BC1
                                                                                        • ScreenToClient.USER32(00000000,?), ref: 00401BCF
                                                                                        • ScreenToClient.USER32(00000000,?), ref: 00401BD6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClientScreen$ParentRectWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2099118873-0
                                                                                        • Opcode ID: ede60c7992125a9d10b8f8c06fbaeb3be6251aeef84f0c1b655461571a46cee2
                                                                                        • Instruction ID: 3a6f634f9500a9f0e676680e31990ed58166cb62974d534a535afb1fb6b8d00a
                                                                                        • Opcode Fuzzy Hash: ede60c7992125a9d10b8f8c06fbaeb3be6251aeef84f0c1b655461571a46cee2
                                                                                        • Instruction Fuzzy Hash: 09E04F722052116BCB10AFA5AC88C8BBF6DDFC5723700447AF941A2220D7709D109A61
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wtol
                                                                                        • String ID: GUIFlags$[G@
                                                                                        • API String ID: 2131799477-2126219683
                                                                                        • Opcode ID: f402b0c85aba1d66b07b6addbe7eda3b1a8910d5e18cf18c534464033b9959d4
                                                                                        • Instruction ID: b6302b9691b8fcfec91ee3c39af82f4337802e9cb3a6f407b943601295de961a
                                                                                        • Opcode Fuzzy Hash: f402b0c85aba1d66b07b6addbe7eda3b1a8910d5e18cf18c534464033b9959d4
                                                                                        • Instruction Fuzzy Hash: 6DF03C3611C1635AFB342E0994187B6AA9CEB05793FE4443BE9C3F12D0C37C8E82825D
                                                                                        APIs
                                                                                        • GetEnvironmentVariableW.KERNEL32(?O@,?,00000001,004177A0,00000000,00417794,?,?,00404F3F,?,?,?,?,?), ref: 00402F26
                                                                                        • GetEnvironmentVariableW.KERNEL32(?,00000000,?,00000001,00000002,?,?,00404F3F,?,?,?,?,?), ref: 00402F52
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2252797732.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2252780742.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252814880.0000000000413000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252830151.0000000000417000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.000000000041A000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.2252844840.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_ATLEQQXO.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentVariable
                                                                                        • String ID: ?O@
                                                                                        • API String ID: 1431749950-3511380453
                                                                                        • Opcode ID: 0f0cab1a5fe64df75075e876fd7e6a607817ca224d69030a73e0dc08c334b9f4
                                                                                        • Instruction ID: 315e17eccb05daff3adc91fa9074d23558c2207180d60d9b2b56ce26dbf77fcb
                                                                                        • Opcode Fuzzy Hash: 0f0cab1a5fe64df75075e876fd7e6a607817ca224d69030a73e0dc08c334b9f4
                                                                                        • Instruction Fuzzy Hash: 24F06272200118BFDB00AFA9DC458AEB7EDEF88764B51402BF904D72A1D7B4AD008B98

                                                                                        Execution Graph

                                                                                        Execution Coverage:1.3%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:11.5%
                                                                                        Total number of Nodes:130
                                                                                        Total number of Limit Nodes:9

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileProtectVirtual$AllocCreateLibraryLoadLocalRead
                                                                                        • String ID:
                                                                                        • API String ID: 2652859266-0
                                                                                        • Opcode ID: 6b557c0ddacab9af940da56eccc7f7f66c7b6801e57266e85f2c4fe0558e6c42
                                                                                        • Instruction ID: 487cb6fc1ba357c95339c680b86ae20d0d5a79067437aa20240c2f3d889c8946
                                                                                        • Opcode Fuzzy Hash: 6b557c0ddacab9af940da56eccc7f7f66c7b6801e57266e85f2c4fe0558e6c42
                                                                                        • Instruction Fuzzy Hash: 54D256B8E05229CFCB64CF98C994B9DBBB1BB49304F1485D9D859AB341D731AE82CF50

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(00000001,?,004056A8,?,00401D78,?,00000000,004014CF,?,00000000), ref: 00401CE1
                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,004056A8,?,00401D78,?,00000000,004014CF,?,00000000), ref: 00401CEE
                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00401D14
                                                                                        • OutputDebugStringA.KERNEL32(undef symbol,?,004056A8,?,00401D78,?,00000000,004014CF,?,00000000), ref: 00401D33
                                                                                        • __iob_func.MSVCR90 ref: 00401D41
                                                                                        • fprintf.MSVCR90 ref: 00401D4B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressDebugHandleLibraryLoadModuleOutputProcString__iob_funcfprintf
                                                                                        • String ID: undef symbol$undefined symbol %s -> exit(-1)
                                                                                        • API String ID: 3232099167-3880521481
                                                                                        • Opcode ID: a62e86013865cb6945eca6c9e6b857a4ad3fd4014c4c712411902039301153c0
                                                                                        • Instruction ID: ec091370b392768ebba2b9cbd08fa3fa07ccb6f4dd854fbc632097c7e97f4075
                                                                                        • Opcode Fuzzy Hash: a62e86013865cb6945eca6c9e6b857a4ad3fd4014c4c712411902039301153c0
                                                                                        • Instruction Fuzzy Hash: 9A11E2B16003029FEB216B699C487677798EFD4351F194437EA82F33B0D778DC958A18

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\common.bin,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00401464,?), ref: 00401365
                                                                                        • GetFileSize.KERNEL32(00000000,00401464,?,?,?,00401464,?), ref: 0040137F
                                                                                        • CreateFileMappingA.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00401392
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00401464,?), ref: 004013A1
                                                                                        Strings
                                                                                        • C:\Users\user\AppData\Local\Temp\common.bin, xrefs: 00401364
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Create$CloseHandleMappingSize
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\common.bin
                                                                                        • API String ID: 3089540790-3140452762
                                                                                        • Opcode ID: e8d0a1f2787124378ff6857ee086f689d906f27355de188c8710255d9154317e
                                                                                        • Instruction ID: 01b989ff9adac1588cbd50fc37617142f0a4378e713b607962af627c2eb096ff
                                                                                        • Opcode Fuzzy Hash: e8d0a1f2787124378ff6857ee086f689d906f27355de188c8710255d9154317e
                                                                                        • Instruction Fuzzy Hash: B3017172B513107AF63056B8BC4AF9AA798D785B72F21063AFB11FA1D0D6B468005668
                                                                                        APIs
                                                                                        • isalnum.MSVCR90 ref: 6CCB40AE
                                                                                        • isalnum.MSVCR90 ref: 6CCB40DB
                                                                                        • isalnum.MSVCR90 ref: 6CCB412B
                                                                                        • isalnum.MSVCR90 ref: 6CCB4158
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27(?), ref: 6CCB41A3
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27(?), ref: 6CCB41B0
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27(?), ref: 6CCB41BD
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27(?), ref: 6CCB41CA
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27 ref: 6CCB41F1
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB41FE
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27 ref: 6CCB420B
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27 ref: 6CCB4218
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27(?), ref: 6CCB4257
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27(?), ref: 6CCB4264
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27(?), ref: 6CCB4271
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27(?), ref: 6CCB427E
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27 ref: 6CCB42A5
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB42B2
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27 ref: 6CCB42BF
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27 ref: 6CCB42CC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unicode$Digit$AlphaDecimalNumericisalnum
                                                                                        • String ID:
                                                                                        • API String ID: 2555583657-0
                                                                                        • Opcode ID: 203f624fcd37ee82c74a7094653982ce8f06d22b0e99b3bae75789767bfbb9a5
                                                                                        • Instruction ID: b07fc54cc03a58130efa9db353a0a83cbce52cc558332895f48ac221ba3acd80
                                                                                        • Opcode Fuzzy Hash: 203f624fcd37ee82c74a7094653982ce8f06d22b0e99b3bae75789767bfbb9a5
                                                                                        • Instruction Fuzzy Hash: 8CB18096B0C43147E71096FA6C812ABB3B4AB4032DB1C8636DC99F3E45F735D485A292
                                                                                        APIs
                                                                                        • GetACP.KERNEL32 ref: 6CCAFDE4
                                                                                        • PyOS_snprintf.PYTHON27(?,00000064,cp%d,00000000), ref: 6CCAFDF9
                                                                                        • GetLocaleInfoA.KERNEL32(00000400,00000059,?,00000064), ref: 6CCAFE14
                                                                                        • GetLocaleInfoA.KERNEL32(00000400,0000005A,0000005F,00000064), ref: 6CCAFE43
                                                                                        • GetLocaleInfoA.KERNEL32(00000400,00000009,?,00000062), ref: 6CCAFE70
                                                                                        • Py_BuildValue.PYTHON27(6CDEC53C,00000030,?), ref: 6CCAFE8D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale$BuildS_snprintfValue
                                                                                        • String ID: 0$cp%d$x
                                                                                        • API String ID: 2137356293-3685427448
                                                                                        • Opcode ID: 58e623fb9b6ab6a6f83e0a77e77c7f1b7cf6bfde258e083d93c14936861b1355
                                                                                        • Instruction ID: 9468072bdbd309a0caecb09ced818716bc7918b61d387e9d01f24cc799c03662
                                                                                        • Opcode Fuzzy Hash: 58e623fb9b6ab6a6f83e0a77e77c7f1b7cf6bfde258e083d93c14936861b1355
                                                                                        • Instruction Fuzzy Hash: F121A470A0130AAEFB01DBA8CC49FBE7FBC9B45704F004555EA05AB5C1E6755509CBA1
                                                                                        APIs
                                                                                        • free.MSVCR90 ref: 00402321
                                                                                        • VirtualFree.KERNEL32(C0335F5D,00000000,00008000,?,00000000,004026C2,00000000), ref: 00402336
                                                                                        • free.MSVCR90 ref: 00402344
                                                                                        • GetProcessHeap.KERNEL32(00000000,004026C2,?,00000000,004026C2,00000000), ref: 0040234C
                                                                                        • HeapFree.KERNEL32(00000000), ref: 00402353
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeHeapfree$ProcessVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2257755588-0
                                                                                        • Opcode ID: 102b0e965b67371c3419661cfc3c5fb572f8875f49e51ae503116d5d03759085
                                                                                        • Instruction ID: c191dbe27311920bbdec97b2ed2d5cc66810e61716ce78d940763c9d64f64ade
                                                                                        • Opcode Fuzzy Hash: 102b0e965b67371c3419661cfc3c5fb572f8875f49e51ae503116d5d03759085
                                                                                        • Instruction Fuzzy Hash: A3115BB1600701ABD2309B65DD89B57B3A8BB84710F144939EA9AB72D0C7BCF845CA69
                                                                                        APIs
                                                                                        • PyErr_NoMemory.PYTHON27(?), ref: 6CD88E35
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,00000014,?,?), ref: 6CD88F3B
                                                                                        • _PyString_Resize.PYTHON27(?,00000000,?,?), ref: 6CD88F69
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$Err_FromMemoryResizeSizeString
                                                                                        • String ID:
                                                                                        • API String ID: 3221442098-0
                                                                                        • Opcode ID: abe1c397e34f42cd98b846108c78df4bcda4b135ba7d495cbe0bedb1e425d8ea
                                                                                        • Instruction ID: 0eb157f5f24a65769ac9effef2af11db017b6a2ada04d8b436da9e37c54fe82b
                                                                                        • Opcode Fuzzy Hash: abe1c397e34f42cd98b846108c78df4bcda4b135ba7d495cbe0bedb1e425d8ea
                                                                                        • Instruction Fuzzy Hash: 94413671B022058BCB098B6CCC902BD7365DB85214F0807AFDD1BABBE1DB758944C7A1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: _MessageBox$sys$windows_exe
                                                                                        • API String ID: 0-3849625447
                                                                                        • Opcode ID: fd65348d22b7d2e19ff4df5bd480cead7c4a5eac75bb3426842ad792d1667849
                                                                                        • Instruction ID: 03ad9a0f995d2bc1cd443073b562689d5bf0c018f35825648ba9a12bb2c7fe2a
                                                                                        • Opcode Fuzzy Hash: fd65348d22b7d2e19ff4df5bd480cead7c4a5eac75bb3426842ad792d1667849
                                                                                        • Instruction Fuzzy Hash: 48F082B1A41A009BD6117790AD0AF5F3358DB58704F100132FE02BF3E2E6B868449DEE
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00002C6B), ref: 00402CB2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: 9958a91c4ca027a0dd06e737d3769bf254095cad11251027f228ee6969ece57c
                                                                                        • Instruction ID: 7bd2fd39c89f7d3508dfe89a34405372043ba1f6fa746baa291dd004a811b285
                                                                                        • Opcode Fuzzy Hash: 9958a91c4ca027a0dd06e737d3769bf254095cad11251027f228ee6969ece57c
                                                                                        • Instruction Fuzzy Hash: E99002B1A5560046D61017706F4D60925906A8C60B75204716301F44D4DAB44500555D

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        APIs
                                                                                        • PyDict_New.PYTHON27 ref: 6CCAF6B1
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • localeconv.MSVCR90 ref: 6CCAF6C0
                                                                                        • PyString_FromString.PYTHON27(00000000), ref: 6CCAF6CB
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,decimal_point,00000000), ref: 6CCAF6E4
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CCAF701
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,thousands_sep,00000000), ref: 6CCAF71A
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,grouping,00000000), ref: 6CCAF74C
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CCAF769
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,int_curr_symbol,00000000), ref: 6CCAF782
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CCAF79F
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,currency_symbol,00000000), ref: 6CCAF7B8
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CCAF7D5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Dict_FromString_$Item$localeconv
                                                                                        • String ID: currency_symbol$decimal_point$frac_digits$grouping$int_curr_symbol$int_frac_digits$mon_decimal_point$mon_grouping$mon_thousands_sep$n_cs_precedes$n_sep_by_space$n_sign_posn$negative_sign$p_cs_precedes$p_sep_by_space$p_sign_posn$positive_sign$thousands_sep

                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(__doc__), ref: 6CD3995A
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD3996F
                                                                                        • PyString_FromString.PYTHON27(__module__), ref: 6CD39996
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD399AB
                                                                                        • PyString_FromString.PYTHON27(__name__), ref: 6CD399D2
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD399E7
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CD39A3E
                                                                                        • PyDict_SetItem.PYTHON27(?,?,?), ref: 6CD39A56
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CD39A6E
                                                                                        • PyEval_GetGlobals.PYTHON27 ref: 6CD39A7A
                                                                                        • PyDict_GetItem.PYTHON27(00000000,?), ref: 6CD39A8B
                                                                                        • PyDict_SetItem.PYTHON27(?,?,00000000), ref: 6CD39A9F
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000000), ref: 6CD39ACF
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD39AFD
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,PyClass_New: bases must be a tuple), ref: 6CD39B43
                                                                                        • PyTuple_Size.PYTHON27(?), ref: 6CD39B55
                                                                                        • PyString_InternFromString.PYTHON27(__getattr__), ref: 6CD39B97
                                                                                        • PyString_InternFromString.PYTHON27(__setattr__), ref: 6CD39BAD
                                                                                        • PyString_InternFromString.PYTHON27(__delattr__), ref: 6CD39BC3
                                                                                        • _PyObject_GC_New.PYTHON27(?), ref: 6CD39BD9
                                                                                        • PyCallable_Check.PYTHON27(6CEE9BF8), ref: 6CD39C09
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(6CEE9BF8,?,?,?,00000000), ref: 6CD39C21
                                                                                        Similarity
                                                                                        • API ID: String_$String$FromIntern$Dict_Item$Object_Place$ArgsCallCallable_CheckErr_ErrorEval_FatalFunctionGlobalsSizeTuple_
                                                                                        • String ID: GC object already tracked$PyClass_New: base must be a class$PyClass_New: bases must be a tuple$PyClass_New: dict must be a dictionary$PyClass_New: name must be a string$__delattr__$__doc__$__getattr__$__module__$__name__$__setattr__

                                                                                        APIs
                                                                                        • PyString_InternFromString.PYTHON27(__name__,00000000,6CDCA352,?,?,6CDC936C,?,?), ref: 6CDC95DD
                                                                                          • Part of subcall function 6CD76990: PyString_FromString.PYTHON27(?,?,?,6CDC9624,__package__,00000000,6CDCA352,?,?,6CDC936C,?,?), ref: 6CD76998
                                                                                        • PyString_InternFromString.PYTHON27(__path__,00000000,6CDCA352,?,?,6CDC936C,?,?), ref: 6CDC9600
                                                                                        • PyString_InternFromString.PYTHON27(__package__,00000000,6CDCA352,?,?,6CDC936C,?,?), ref: 6CDC961F
                                                                                        • PyDict_GetItem.PYTHON27(?,?,00000000,6CDCA352,?,?,6CDC936C,?,?), ref: 6CDC963E
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,Module name too long,?,?,?,?,?,?,?), ref: 6CDC9670
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,Attempted relative import in non-package,?), ref: 6CDC969B
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,Package name too long,?), ref: 6CDC96BF
                                                                                        • PyDict_GetItem.PYTHON27(?,?,?), ref: 6CDC96EC
                                                                                        • PyDict_GetItem.PYTHON27(?,?,?,?,?), ref: 6CDC9716
                                                                                        • PyDict_SetItem.PYTHON27(?,?,00000000,?,?,?,?,?), ref: 6CDC9753
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,Could not set __package__,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CDC976F
                                                                                        • strrchr.MSVCR90 ref: 6CDC9785
                                                                                        • PyDict_SetItem.PYTHON27(?,?,?,?,?,?,?,?,?,?), ref: 6CDC97AE
                                                                                        • memcpy.MSVCR90(00000000,-00000014,00000000,?,?,?,?,?,?,?), ref: 6CDC97D8
                                                                                        • PyString_FromString.PYTHON27(00000000,00000000,-00000014,00000000,?,?,?,?,?,?,?), ref: 6CDC97E2
                                                                                        • PyDict_SetItem.PYTHON27(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CDC9800
                                                                                        • strrchr.MSVCR90 ref: 6CDC9833
                                                                                        • PyImport_GetModuleDict.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CDC985F
                                                                                        • PyDict_GetItemString.PYTHON27(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CDC9866
                                                                                        • PyString_FromFormat.PYTHON27(Parent module '%.200s' not found while handling absolute import,00000000), ref: 6CDC9884
                                                                                        • PyString_AsString.PYTHON27(00000000,00000001), ref: 6CDC9899
                                                                                        • PyErr_WarnEx.PYTHON27(6CEE6D98,00000000,00000001), ref: 6CDC98A9
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,Parent module '%.200s' not loaded, cannot perform relative import,00000000), ref: 6CDC98EF
                                                                                        Strings
                                                                                        • Module name too long, xrefs: 6CDC972B
                                                                                        • Package name too long, xrefs: 6CDC96B9
                                                                                        • Attempted relative import beyond toplevel package, xrefs: 6CDC98DA
                                                                                        • __package__ set to non-string, xrefs: 6CDC9665
                                                                                        • __name__, xrefs: 6CDC95D8
                                                                                        • Could not set __package__, xrefs: 6CDC9769
                                                                                        • Parent module '%.200s' not loaded, cannot perform relative import, xrefs: 6CDC98E9
                                                                                        • Attempted relative import in non-package, xrefs: 6CDC9695, 6CDC9797
                                                                                        • __package__, xrefs: 6CDC961A
                                                                                        • Parent module '%.200s' not found while handling absolute import, xrefs: 6CDC987F
                                                                                        • __path__, xrefs: 6CDC95FB
                                                                                        Similarity
                                                                                        • API ID: String$Dict_ItemString_$Err_From$Intern$Formatstrrchr$DictImport_ModuleWarnmemcpy
                                                                                        • String ID: Attempted relative import beyond toplevel package$Attempted relative import in non-package$Could not set __package__$Module name too long$Package name too long$Parent module '%.200s' not found while handling absolute import$Parent module '%.200s' not loaded, cannot perform relative import$__name__$__package__$__package__ set to non-string$__path__

                                                                                        APIs
                                                                                        • Py_InitModule4.PYTHON27(_locale,6CF0B3F0,00000000,00000000,000003F5), ref: 6CCAFEC3
                                                                                        • PyModule_GetDict.PYTHON27(00000000), ref: 6CCAFED6
                                                                                          • Part of subcall function 6CD65170: PyType_IsSubtype.PYTHON27(F08BFC45,?,00000000,?,?,6CD55195,00000000), ref: 6CD6518B
                                                                                          • Part of subcall function 6CD65170: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\moduleobject.c,00000032,6CD55195,00000000), ref: 6CD651A9
                                                                                        • PyInt_FromLong.PYTHON27(00000002,00000000), ref: 6CCAFEDF
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_CTYPE,00000000,00000002,00000000), ref: 6CCAFEED
                                                                                          • Part of subcall function 6CD47460: PyString_FromString.PYTHON27(00000000,?,?,6CD650D7,00000000,__name__,00000000,?,00000014,?,6CDCDEB4), ref: 6CD47468
                                                                                        • PyInt_FromLong.PYTHON27(00000005), ref: 6CCAFF0C
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_TIME,00000000,00000005), ref: 6CCAFF1A
                                                                                        • PyInt_FromLong.PYTHON27(00000001), ref: 6CCAFF39
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_COLLATE,00000000,00000001), ref: 6CCAFF47
                                                                                        • PyInt_FromLong.PYTHON27(00000003), ref: 6CCAFF66
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_MONETARY,00000000,00000003), ref: 6CCAFF74
                                                                                        • PyInt_FromLong.PYTHON27(00000004), ref: 6CCAFF93
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_NUMERIC,00000000,00000004), ref: 6CCAFFA1
                                                                                        • PyInt_FromLong.PYTHON27(00000000), ref: 6CCAFFC0
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,LC_ALL,00000000,00000000), ref: 6CCAFFCE
                                                                                        • PyInt_FromLong.PYTHON27(0000007F), ref: 6CCAFFED
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,CHAR_MAX,00000000,0000007F), ref: 6CCAFFFB
                                                                                        • PyErr_NewException.PYTHON27(locale.Error,00000000,00000000), ref: 6CCB0021
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,Error,00000000,locale.Error,00000000,00000000), ref: 6CCB0032
                                                                                        • PyString_FromString.PYTHON27(Support for POSIX locales.,00000000,Error,00000000,locale.Error,00000000,00000000), ref: 6CCB003C
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,__doc__,00000000,Support for POSIX locales.,00000000,Error,00000000,locale.Error,00000000,00000000), ref: 6CCB004A
                                                                                        Similarity
                                                                                        • API ID: String$Dict_FromItem$Int_Long$Err_String_$DictExceptionFormatInitModule4Module_SubtypeType_
                                                                                        • String ID: CHAR_MAX$Error$LC_ALL$LC_COLLATE$LC_CTYPE$LC_MONETARY$LC_NUMERIC$LC_TIME$Support for POSIX locales.$__doc__$_locale$locale.Error

                                                                                        Control-flow Graph (first block 6ccae6f0-6ccae70c; node and edge listing omitted)
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(6CDEC2B4,?,000000FE,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE728
                                                                                        • PyString_InternInPlace.PYTHON27(?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE73F
                                                                                        • PyString_FromString.PYTHON27(6CDEC2B8,?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE754
                                                                                        • PyString_InternInPlace.PYTHON27(?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE76B
                                                                                        • PyString_FromString.PYTHON27(6CDEC2BC,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE780
                                                                                        • PyString_InternInPlace.PYTHON27(?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE797
                                                                                        • PyList_Append.PYTHON27(?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?), ref: 6CCAE7D4
                                                                                        • PyLong_FromVoidPtr.PYTHON27(?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?,?), ref: 6CCAE7F1
                                                                                        • PyDict_Contains.PYTHON27(?,00000000,?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?), ref: 6CCAE80E
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,Circular reference detected,?,?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?), ref: 6CCAE82F
                                                                                        • PyDict_SetItem.PYTHON27(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CCAE485,?), ref: 6CCAE848
                                                                                        • PyList_Append.PYTHON27(?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?,?), ref: 6CCAE863
                                                                                        • PyObject_GetIter.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE,?), ref: 6CCAE882
                                                                                        • PyObject_IsTrue.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?,000000FE), ref: 6CCAE89C
                                                                                        • PyIter_Next.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,6CCAE485,?,?), ref: 6CCAE8B6
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCAE485), ref: 6CCAE8F4
                                                                                        • PyIter_Next.PYTHON27(?), ref: 6CCAEB1B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$FromString$InternPlace$AppendDict_Iter_List_NextObject_$ContainsErr_ItemIterLong_SubtypeTrueType_Void
                                                                                        • String ID: Circular reference detected$keys must be a string$2l$cl

                                                                                        Control-flow Graph (first block 6cd4e530-6cd4e558; node and edge listing omitted)
                                                                                        APIs
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?,?,?), ref: 6CD4E57F
                                                                                        • Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate), ref: 6CD4E5BC
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 6CD4E5D2
                                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?), ref: 6CD4E5E0
                                                                                        • fgetc.MSVCR90 ref: 6CD4E60A
                                                                                        • fgetc.MSVCR90 ref: 6CD4E630
                                                                                        • ferror.MSVCR90 ref: 6CD4E67E
                                                                                        • _errno.MSVCR90 ref: 6CD4E68B
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?,?,?,?,?), ref: 6CD4E69A
                                                                                        • PyErr_CheckSignals.PYTHON27(?,?,?,?,?,?,?,?,?), ref: 6CD4E6B1
                                                                                        • clearerr.MSVCR90(?,?,?,?,?,?,?,?,?,?), ref: 6CD4E6BF
                                                                                          • Part of subcall function 6CD4E130: Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate), ref: 6CD4E181
                                                                                          • Part of subcall function 6CD4E130: InterlockedDecrement.KERNEL32(?), ref: 6CD4E19C
                                                                                          • Part of subcall function 6CD4E130: SetEvent.KERNEL32(00000000), ref: 6CD4E1AA
                                                                                          • Part of subcall function 6CD4E130: memset.MSVCR90 ref: 6CD4E1BF
                                                                                          • Part of subcall function 6CD4E130: fgets.MSVCR90 ref: 6CD4E1CD
                                                                                          • Part of subcall function 6CD4E130: Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate), ref: 6CD4E1EA
                                                                                          • Part of subcall function 6CD4E130: _errno.MSVCR90 ref: 6CD4E1FB
                                                                                          • Part of subcall function 6CD4E130: InterlockedIncrement.KERNEL32(?), ref: 6CD4E219
                                                                                          • Part of subcall function 6CD4E130: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 6CD4E22F
                                                                                          • Part of subcall function 6CD4E130: GetCurrentThreadId.KERNEL32 ref: 6CD4E235
                                                                                          • Part of subcall function 6CD4E130: _errno.MSVCR90 ref: 6CD4E244
                                                                                          • Part of subcall function 6CD4E130: memchr.MSVCR90 ref: 6CD4E273
                                                                                        Strings
                                                                                        • PyEval_SaveThread: NULL tstate, xrefs: 6CD4E5B7
                                                                                        • line is longer than a Python string can hold, xrefs: 6CD4E872
                                                                                        • d, xrefs: 6CD4E572
                                                                                        • PyEval_RestoreThread: NULL tstate, xrefs: 6CD4E70D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalInterlocked_errno$DecrementEventThreadfgetc$CheckCurrentErr_Eval_FromIncrementObjectRestoreSignalsSingleSizeStringString_Waitclearerrferrorfgetsmemchrmemset
                                                                                        • String ID: PyEval_RestoreThread: NULL tstate$PyEval_SaveThread: NULL tstate$d$line is longer than a Python string can hold

                                                                                        Control-flow Graph (first block 6ccaa620-6ccaa63d; node and edge listing omitted)
                                                                                        APIs
                                                                                          • Part of subcall function 6CCAA5B0: isdigit.MSVCR90 ref: 6CCAA5D4
                                                                                          • Part of subcall function 6CCAA5B0: malloc.MSVCR90 ref: 6CCAA5F9
                                                                                          • Part of subcall function 6CCAA5B0: memmove.MSVCR90(00000000,$Revision$,00000000), ref: 6CCAA60B
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCAA64A
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • free.MSVCR90 ref: 6CCAA711
                                                                                        • Py_GetBuildInfo.PYTHON27([MSC v.1500 32 bit (Intel)]), ref: 6CCAA71F
                                                                                        • PyOS_snprintf.PYTHON27(6CF22138,000000FA,%.80s (%.80s) %.80s,2.7.18,00000000,[MSC v.1500 32 bit (Intel)]), ref: 6CCAA739
                                                                                        • PyOS_snprintf.PYTHON27(?,00000104,%I64d,?,?,executable-version,6CF22138,6CF22138,000000FA,%.80s (%.80s) %.80s,2.7.18,00000000,[MSC v.1500 32 bit (Intel)]), ref: 6CCAA76B
                                                                                        • _getcwd.MSVCR90 ref: 6CCAA78E
                                                                                        • PySys_GetObject.PYTHON27(path,current-directory,00000000), ref: 6CCAA7A6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ObjectS_snprintf$BuildExceptionGivenInfoMatchesMemorySys__getcwdfreeisdigitmallocmemmove
                                                                                        • String ID: %.80s (%.80s) %.80s$%I64d$2.7.18$<non-string-path-entry>$[MSC v.1500 32 bit (Intel)]$current-directory$executable$executable-version$hotshot-version$path$platform$reported-performance-frequency$requested-frame-timings$requested-line-events$requested-line-timings$sys-path-entry$sys.path must be a list$win32$yes

                                                                                        Control-flow Graph (first block 6cca4890-6cca48b2; node and edge listing omitted)
                                                                                        APIs
                                                                                        • Py_ReprEnter.PYTHON27 ref: 6CCA48A8
                                                                                          • Part of subcall function 6CD67E70: PyDict_New.PYTHON27 ref: 6CD67E8E
                                                                                          • Part of subcall function 6CD67E70: PyErr_Clear.PYTHON27 ref: 6CD67EA0
                                                                                          • Part of subcall function 6CD67E70: PyString_FromString.PYTHON27(Py_Repr), ref: 6CD67EBB
                                                                                          • Part of subcall function 6CD67E70: PyDict_GetItem.PYTHON27(?,00000000), ref: 6CD67ECB
                                                                                          • Part of subcall function 6CD67E70: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD67F4F
                                                                                          • Part of subcall function 6CD67E70: PyDict_SetItemString.PYTHON27(?,Py_Repr,00000000), ref: 6CD67F81
                                                                                          • Part of subcall function 6CD67E70: PyList_Append.PYTHON27(-000000FF,000000FE), ref: 6CD67FBE
                                                                                        • fputs.MSVCR90 ref: 6CCA48CA
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000), ref: 6CCA48D1
                                                                                          • Part of subcall function 6CDAE540: Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate,?,?,6CDC67F6,00000000,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE550
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE569
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE585
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA48BA
                                                                                          • Part of subcall function 6CDAE4E0: Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate,00000000,6CDC67DA,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE4FA
                                                                                          • Part of subcall function 6CDAE4E0: InterlockedDecrement.KERNEL32(?), ref: 6CDAE516
                                                                                          • Part of subcall function 6CDAE4E0: SetEvent.KERNEL32(?,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE524
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA48E3
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA48F9
                                                                                        • fputs.MSVCR90 ref: 6CCA4909
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000), ref: 6CCA4910
                                                                                        • Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate), ref: 6CCA494B
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 6CCA4966
                                                                                        • SetEvent.KERNEL32(?), ref: 6CCA4974
                                                                                        • fputs.MSVCR90 ref: 6CCA4987
                                                                                        • Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate), ref: 6CCA4999
                                                                                        • _errno.MSVCR90 ref: 6CCA49AA
                                                                                        • _errno.MSVCR90 ref: 6CCA49C6
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA4A2C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFatal$Eval_Thread_errno$Dict_fputs$DecrementErr_EventInterlockedItemRestoreSaveString$AppendClearEnterExceptionFromGivenIterList_MatchesObject_ReprString_
                                                                                        • String ID: PyEval_RestoreThread: NULL tstate$PyEval_SaveThread: NULL tstate$[...]$], maxlen=%d)$deque([
                                                                                        • API String ID: 3753504503-3822557589
                                                                                        • Opcode ID: c34ddde772726e5bf005ec8f9af5a96bdff18a8e8240702dd542ec0931e9b66a
                                                                                        • Instruction ID: faf9f345fdc7261044f349995fcf7bbb0b26a71396d20c9a8a323c04432ba005
                                                                                        • Opcode Fuzzy Hash: c34ddde772726e5bf005ec8f9af5a96bdff18a8e8240702dd542ec0931e9b66a
                                                                                        • Instruction Fuzzy Hash: 3961C7B6A001029BD740DFE4EC44A9A77B8EB49338F144224F92897B50FB35ED56C7E6
                                                                                        APIs
                                                                                        • strchr.MSVCR90 ref: 6CDC575F
                                                                                        • strchr.MSVCR90 ref: 6CDC577D
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006DD), ref: 6CDC57E1
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s%s takes at most %d argument%s (%d given),?,6CDEAFEC,00000000,6CDEAF8E), ref: 6CDC582F
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CDC58AF
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000), ref: 6CDC58C7
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,Argument given by name ('%s') and position (%d),?,?), ref: 6CDC5904
                                                                                        • PyErr_Format.PYTHON27(6CEE5248,more argument specifiers than keyword list entries (remaining format:'%s'),?), ref: 6CDC5A23
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,Required argument '%s' (pos %d) not found,?,?), ref: 6CDC5A53
                                                                                        • PyErr_Format.PYTHON27(6CEE5248,More keyword list entries (%d) than format specifiers (%d),?,00000000), ref: 6CDC5A9F
                                                                                        • PyDict_Next.PYTHON27 ref: 6CDC5AFD
                                                                                        • PyString_AsString.PYTHON27(?,?,?,?,?), ref: 6CDC5B26
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%s' is an invalid keyword argument for this function,00000000,?,?,?,?,?), ref: 6CDC5B7A
                                                                                        • PyDict_Next.PYTHON27(?,?,?,?,?,?,?,?,?), ref: 6CDC5B9B
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,keywords must be strings,?,?,?,?), ref: 6CDC5BDA
                                                                                        Strings
                                                                                        • Required argument '%s' (pos %d) not found, xrefs: 6CDC5A3A
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CDC57DB
                                                                                        • Argument given by name ('%s') and position (%d), xrefs: 6CDC58FE
                                                                                        • '%s' is an invalid keyword argument for this function, xrefs: 6CDC5B74
                                                                                        • more argument specifiers than keyword list entries (remaining format:'%s'), xrefs: 6CDC5A1D
                                                                                        • %s: '%s', xrefs: 6CDC5A4D
                                                                                        • %s%s takes at most %d argument%s (%d given), xrefs: 6CDC5829
                                                                                        • More keyword list entries (%d) than format specifiers (%d), xrefs: 6CDC5A99
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CDC57D6
                                                                                        • keywords must be strings, xrefs: 6CDC5BD4
                                                                                        • function, xrefs: 6CDC5819, 6CDC5828
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Format$Dict_String$NextString_strchr$FromItem
                                                                                        • String ID: %s%s takes at most %d argument%s (%d given)$%s: '%s'$%s:%d: bad argument to internal function$'%s' is an invalid keyword argument for this function$..\Objects\dictobject.c$Argument given by name ('%s') and position (%d)$More keyword list entries (%d) than format specifiers (%d)$Required argument '%s' (pos %d) not found$function$keywords must be strings$more argument specifiers than keyword list entries (remaining format:'%s')
                                                                                        • API String ID: 3616505498-1988118272
                                                                                        • Opcode ID: 642eb6abd6590a2456268c346e5161674792a0fdb956812f5fbbaedb6e9ed380
                                                                                        • Instruction ID: b5deb28c41488401637931c12a307d9c7e1cb36b7c78351cf307729db9ce8606
                                                                                        • Opcode Fuzzy Hash: 642eb6abd6590a2456268c346e5161674792a0fdb956812f5fbbaedb6e9ed380
                                                                                        • Instruction Fuzzy Hash: 93D1EF717082019FD704CF59D880A6BB7F9EF88318F544A1DF89987660EB31E846DBA3
                                                                                        APIs
                                                                                        • PyObject_GetBuffer.PYTHON27(?,?,0000011D), ref: 6CD2BDD4
                                                                                        • PyObject_GetBuffer.PYTHON27(?,?,0000011C), ref: 6CD2BDEF
                                                                                          • Part of subcall function 6CD2B8D0: PyErr_Format.PYTHON27(6CEE48B0,'%100s' does not have the buffer interface,?), ref: 6CD2B90F
                                                                                        • PyBuffer_Release.PYTHON27(?), ref: 6CD2BE00
                                                                                        • PyErr_SetString.PYTHON27(6CEE6898,destination is too small to receive data from source), ref: 6CD2BE27
                                                                                        • PyBuffer_Release.PYTHON27(?,6CEE6898,destination is too small to receive data from source), ref: 6CD2BE31
                                                                                        • PyBuffer_Release.PYTHON27(?,?,6CEE6898,destination is too small to receive data from source), ref: 6CD2BE3B
                                                                                        • PyString_FromString.PYTHON27(both destination and source must have the buffer interface), ref: 6CD2BFB6
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,both destination and source must have the buffer interface), ref: 6CD2BFBF
                                                                                        Strings
                                                                                        • both destination and source must have the buffer interface, xrefs: 6CD2BFB1
                                                                                        • destination is too small to receive data from source, xrefs: 6CD2BE21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Buffer_Err_Release$BufferObject_String$FormatFromObjectString_
                                                                                        • String ID: both destination and source must have the buffer interface$destination is too small to receive data from source
                                                                                        • API String ID: 32417970-1250155686
                                                                                        • Opcode ID: 282a20260e2e5491c16b8353be6a848ce71ab7d7de9205b21c5c14e9622ca392
                                                                                        • Instruction ID: 715e91510e294d965b710d6cf5271c6c4289d9807d94c12ef6b3abb7cc9f40a7
                                                                                        • Opcode Fuzzy Hash: 282a20260e2e5491c16b8353be6a848ce71ab7d7de9205b21c5c14e9622ca392
                                                                                        • Instruction Fuzzy Hash: 47610972504200ABD310DB25D840A9FB3F8DFC572CF100A59EF5583AA1E77AD9098AE1
                                                                                        APIs
                                                                                        • PyType_Ready.PYTHON27(6CEE4658), ref: 6CD4B1FC
                                                                                        • PyType_Ready.PYTHON27(6CEE4720), ref: 6CD4B21A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ReadyType_
                                                                                        • String ID:
                                                                                        • API String ID: 1795249144-0
                                                                                        • Opcode ID: aa03e372208559064852cae9b3ca3c0c2e48688d3d810ef2b9637f37e78ae301
                                                                                        • Instruction ID: e9578efe1462e585cce81c1695d9c473bd9d62f9ddfd3d54e21d3e116353d78b
                                                                                        • Opcode Fuzzy Hash: aa03e372208559064852cae9b3ca3c0c2e48688d3d810ef2b9637f37e78ae301
                                                                                        • Instruction Fuzzy Hash: A5312895D06E0523A12017AA3D49B6F706A4F6428CF19963BED4DD0E72F621E629C0BB
                                                                                        APIs
                                                                                        • malloc.MSVCR90 ref: 6CDA0483
                                                                                        • memcpy.MSVCR90(00000000,6CF22F2C,?,00000000), ref: 6CDA04BE
                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?,?,?,00000000), ref: 6CDA04FE
                                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00000000), ref: 6CDA052A
                                                                                        • malloc.MSVCR90 ref: 6CDA0551
                                                                                        • memset.MSVCR90 ref: 6CDA057B
                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 6CDA05C2
                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,00000000,?,?,?,?,?,?,00000000), ref: 6CDA05EB
                                                                                        • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000105,?,?,?,?,?,?,00000000), ref: 6CDA0611
                                                                                        • malloc.MSVCR90 ref: 6CDA061E
                                                                                        • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000105,?,?,?,?,?,?,?,00000000), ref: 6CDA0643
                                                                                        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,00000000), ref: 6CDA0662
                                                                                        • malloc.MSVCR90 ref: 6CDA0685
                                                                                        • strncpy.MSVCR90 ref: 6CDA06DE
                                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6CDA072E
                                                                                        • free.MSVCR90 ref: 6CDA0758
                                                                                        • free.MSVCR90 ref: 6CDA076B
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 6CDA0782
                                                                                        • free.MSVCR90 ref: 6CDA0793
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Querymalloc$Valuefree$CloseOpen$EnumInfomemcpymemsetstrncpy
                                                                                        • String ID: Software\Python\PythonCore\$\PythonPath
                                                                                        • API String ID: 1430883583-3737880225
                                                                                        • Opcode ID: 640dfc5d081922e4830617ad03087f2c72b957995e4ae16f84a37303f846a7ab
                                                                                        • Instruction ID: 5555f23b5dbfd9eefe3dd36d0ac30c7a3fc3d0ece7f5d47562f4e55cbf794562
                                                                                        • Opcode Fuzzy Hash: 640dfc5d081922e4830617ad03087f2c72b957995e4ae16f84a37303f846a7ab
                                                                                        • Instruction Fuzzy Hash: 28A16570A002699FEB14CF64CC85BEA7BBCEF49744F144195EA09A7250D770AE85CFA0
                                                                                        APIs
                                                                                        • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,O:make_scanner,6CF0B7F0,?), ref: 6CCADE0A
                                                                                        • PyObject_GetAttrString.PYTHON27(?,encoding), ref: 6CCADE3F
                                                                                        • PyString_InternFromString.PYTHON27(utf-8), ref: 6CCADE7A
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,encoding must be a string, not %.80s,?), ref: 6CCADEDB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Arg_AttrErr_FormatFromInternKeywordsObject_ParseString_Tuple
                                                                                        • String ID: O:make_scanner$encoding$encoding must be a string, not %.80s$object_hook$object_pairs_hook$parse_constant$parse_float$parse_int$strict$utf-8
                                                                                        • API String ID: 1133056520-3636494817
                                                                                        • Opcode ID: 5736432071c07a4b885d103aad3de8641c6c6244decffdff51c11d253e87328e
                                                                                        • Instruction ID: 124d44aeab8266d0a478a5812298b41ce37b3c09fab2e1286ecb99098caa459d
                                                                                        • Opcode Fuzzy Hash: 5736432071c07a4b885d103aad3de8641c6c6244decffdff51c11d253e87328e
                                                                                        • Instruction Fuzzy Hash: BC41A2B1A00702ABD710CFF5DC44A9B73B8AF49358F144A58EC18D7BA0FB35E90687A1
                                                                                        APIs
                                                                                        • isspace.MSVCR90 ref: 6CCBA0F9
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCBA174
                                                                                        • PyString_FromString.PYTHON27(total struct size too long), ref: 6CCBA223
                                                                                        • PyErr_SetObject.PYTHON27(00000000,00000000,total struct size too long), ref: 6CCBA22C
                                                                                        • malloc.MSVCR90 ref: 6CCBA27D
                                                                                        • free.MSVCR90 ref: 6CCBA29F
                                                                                        • isspace.MSVCR90 ref: 6CCBA2C9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_isspace$FromMemoryObjectStringString_freemalloc
                                                                                        • String ID: 0$0$0$0$9$9$p$p$s$s$total struct size too long$x$x
                                                                                        • API String ID: 4246848272-282387100
                                                                                        • Opcode ID: b1470f566bcc5228c53b22a9448dd84370b1b096c3b65ad6bbc66a61d4b3c93a
                                                                                        • Instruction ID: 0a153ac608e145af18877c2225a144723c20a28cdefb56e948454affc03a5ced
                                                                                        • Opcode Fuzzy Hash: b1470f566bcc5228c53b22a9448dd84370b1b096c3b65ad6bbc66a61d4b3c93a
                                                                                        • Instruction Fuzzy Hash: 3FA1D571A496428FD700CFA9C45035AB7E5EFC2328F18461AE8E8A7791F735D849CB82
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5248,print recursion,?,?,6CD50298,00000001,00000000,?,00000000), ref: 6CD657B7
                                                                                        • PyErr_CheckSignals.PYTHON27(?,?,6CD50298,00000001,00000000,?,00000000), ref: 6CD657C5
                                                                                        • PyOS_CheckStack.PYTHON27(?,?,6CD50298,00000001,00000000,?,00000000), ref: 6CD657CE
                                                                                        • PyErr_SetString.PYTHON27(6CEE67A8,stack overflow,?,?,6CD50298,00000001,00000000,?,00000000), ref: 6CD657E3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$CheckString$SignalsStack
                                                                                        • String ID: <nil>$<refcnt %ld at %p>$print recursion$stack overflow
                                                                                        • API String ID: 1213917722-2658149411
                                                                                        • Opcode ID: fdd728dc8ec4d5872d2614b0c8816fc5d43098b67f73c4e09eb576dc580790ae
                                                                                        • Instruction ID: aeb99e103513007478af6e83db058b0029c61c2e438ce15d1dbbb3cc0bce631a
                                                                                        • Opcode Fuzzy Hash: fdd728dc8ec4d5872d2614b0c8816fc5d43098b67f73c4e09eb576dc580790ae
                                                                                        • Instruction Fuzzy Hash: 24315D71A01201DBDB009FBA9C4499B77BCAF8632CF140729F81556F62FB25D956C3B2
                                                                                        APIs
                                                                                        • PyType_Ready.PYTHON27(6CF0A140), ref: 6CCB8889
                                                                                        • PyType_Ready.PYTHON27(6CF0A7B0), ref: 6CCB889E
                                                                                        • PyType_Ready.PYTHON27(6CF0A8D0), ref: 6CCB88B3
                                                                                        • Py_InitModule4.PYTHON27(_sre,6CF0A998,00000000,00000000,000003F5), ref: 6CCB88D4
                                                                                        • PyModule_GetDict.PYTHON27(00000000), ref: 6CCB88E7
                                                                                          • Part of subcall function 6CD65170: PyType_IsSubtype.PYTHON27(F08BFC45,?,00000000,?,?,6CD55195,00000000), ref: 6CD6518B
                                                                                          • Part of subcall function 6CD65170: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\moduleobject.c,00000032,6CD55195,00000000), ref: 6CD651A9
                                                                                        • PyInt_FromLong.PYTHON27(0131A629,00000000), ref: 6CCB88F6
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,MAGIC,00000000), ref: 6CCB890B
                                                                                          • Part of subcall function 6CD47460: PyString_FromString.PYTHON27(00000000,?,?,6CD650D7,00000000,__name__,00000000,?,00000014,?,6CDCDEB4), ref: 6CD47468
                                                                                        • PyInt_FromLong.PYTHON27(00000004), ref: 6CCB8926
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,CODESIZE,00000000), ref: 6CCB893B
                                                                                        • _PyLong_New.PYTHON27(00000001), ref: 6CCB896A
                                                                                        • PyDict_SetItemString.PYTHON27(?,MAXREPEAT,00000000), ref: 6CCB899F
                                                                                        • PyString_FromString.PYTHON27( SRE 2.2.2 Copyright (c) 1997-2002 by Secret Labs AB ), ref: 6CCB89BD
                                                                                        • PyDict_SetItemString.PYTHON27(?,copyright,00000000), ref: 6CCB89D6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Dict_FromItemType_$Ready$Int_LongString_$DictErr_FormatInitLong_Module4Module_Subtype
                                                                                        • String ID: SRE 2.2.2 Copyright (c) 1997-2002 by Secret Labs AB $CODESIZE$MAGIC$MAXREPEAT$_sre$copyright
                                                                                        • API String ID: 2678407790-2209444679
                                                                                        • Opcode ID: 5e4af51f6be108211dcec418b786c46ebe4e325f00e7531a941ceea7543ca136
                                                                                        • Instruction ID: 84060cb8e921cbfea49aaa516e56f697bb9fbf7e7dba1668ef79a103364c05e4
                                                                                        • Opcode Fuzzy Hash: 5e4af51f6be108211dcec418b786c46ebe4e325f00e7531a941ceea7543ca136
                                                                                        • Instruction Fuzzy Hash: DA314CB2D0120267DA1057A59C41DBB32A89F5067CB290729ED19B7B61F739DD09C2F3
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(?,00000001,ZLIB.PYD), ref: 00401556
                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00401562
                                                                                        • LockResource.KERNEL32(00000000), ref: 00401571
                                                                                          • Part of subcall function 00402520: _stricmp.MSVCR90(00000000,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 0040253C
                                                                                          • Part of subcall function 00402520: SetLastError.KERNEL32(0000000B,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 0040255E
                                                                                        • _snprintf.MSVCR90 ref: 004015C5
                                                                                        • LoadLibraryA.KERNEL32(?), ref: 004015D3
                                                                                        • GetProcAddress.KERNEL32(00000000,initzlib), ref: 004015E3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$Load$AddressErrorFindLastLibraryLockProc_snprintf_stricmp
                                                                                        • String ID: %s\%s$<pythondll>$<zlib.pyd>$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\common.bin$ZLIB.PYD$initzlib$initzlib$zlib.pyd$zlib.pyd
                                                                                        • API String ID: 2010571536-2633363762
                                                                                        • Opcode ID: ae8171121ff50720c6090cc407aa1a891991b12c19434c239d70883ea56e5c8f
                                                                                        • Instruction ID: 80c5690bec49cf3331e261639d2591b172880e98f7e07ff1acb0629b34ba171b
                                                                                        • Opcode Fuzzy Hash: ae8171121ff50720c6090cc407aa1a891991b12c19434c239d70883ea56e5c8f
                                                                                        • Instruction Fuzzy Hash: 0A21F7B1A4130177E62067606D4AFAB325C9F91B08F08043AFE06F92D0FA7DDA0485BE
                                                                                        APIs
                                                                                        • PyType_Ready.PYTHON27(6CF0E5E8), ref: 6CCA7605
                                                                                        • PyType_Ready.PYTHON27(6CF0E710), ref: 6CCA761A
                                                                                        • PyType_Ready.PYTHON27(6CF0E9B8), ref: 6CCA762F
                                                                                        • Py_InitModule4.PYTHON27(_csv,6CF0FA70,CSV parsing and writing.This module provides classes that assist in the reading and writingof Comma Separated Value (CSV) files, and implements the interfacedescribed by PEP 305. Although many CSV files are simple to parse,the format is not formally defi,00000000,000003F5), ref: 6CCA7656
                                                                                        • PyModule_AddStringConstant.PYTHON27(00000000,__version__,1.0), ref: 6CCA7673
                                                                                          • Part of subcall function 6CDCED90: PyString_FromString.PYTHON27(6CCA7678,?,?,6CCA7678,00000000,__version__,1.0), ref: 6CDCED98
                                                                                          • Part of subcall function 6CDCED90: PyModule_AddObject.PYTHON27(?,?,00000000,1.0), ref: 6CDCEDAF
                                                                                        • PyDict_New.PYTHON27 ref: 6CCA7684
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • PyModule_AddObject.PYTHON27(00000000,_dialects,00000000), ref: 6CCA769D
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        • PyModule_AddIntConstant.PYTHON27(00000000,?,00000000), ref: 6CCA76BF
                                                                                          • Part of subcall function 6CDCED40: PyInt_FromLong.PYTHON27(00000000,6CF0E478,?,6CCA76C4,00000000,?,00000000), ref: 6CDCED48
                                                                                          • Part of subcall function 6CDCED40: PyModule_AddObject.PYTHON27(?,?,00000000), ref: 6CDCED5F
                                                                                        • PyModule_AddObject.PYTHON27(00000000,Dialect,6CF0E5E8), ref: 6CCA76E5
                                                                                        • PyErr_NewException.PYTHON27(_csv.Error,00000000,00000000), ref: 6CCA76F8
                                                                                        • PyModule_AddObject.PYTHON27(00000000,Error,00000000), ref: 6CCA7710
                                                                                        Strings
                                                                                        • _csv, xrefs: 6CCA7651
                                                                                        • _dialects, xrefs: 6CCA7697
                                                                                        • _csv.Error, xrefs: 6CCA76F3
                                                                                        • 1.0, xrefs: 6CCA7668
                                                                                        • __version__, xrefs: 6CCA766D
                                                                                        • Error, xrefs: 6CCA770A
                                                                                        • CSV parsing and writing.This module provides classes that assist in the reading and writingof Comma Separated Value (CSV) files, and implements the interfacedescribed by PEP 305. Although many CSV files are simple to parse,the format is not formally defi, xrefs: 6CCA7647
                                                                                        • Dialect, xrefs: 6CCA76DF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Module_$Object$StringType_$FromReady$ConstantErr_String_$Dict_ExceptionInitInt_LongModule4Subtype
                                                                                        • String ID: 1.0$CSV parsing and writing.This module provides classes that assist in the reading and writingof Comma Separated Value (CSV) files, and implements the interfacedescribed by PEP 305. Although many CSV files are simple to parse,the format is not formally defi$Dialect$Error$__version__$_csv$_csv.Error$_dialects
                                                                                        • API String ID: 147260570-1047355127
                                                                                        • Opcode ID: cd574d91bc24c3056c9db8b3526ecc0c737b5e68bdb219f43e0ea7f53a10a863
                                                                                        • Instruction ID: 07a6d5217de11776ee3c3fd4527cba8186a41456c9a7bd51cb6a3c955d056a8f
                                                                                        • Opcode Fuzzy Hash: cd574d91bc24c3056c9db8b3526ecc0c737b5e68bdb219f43e0ea7f53a10a863
                                                                                        • Instruction Fuzzy Hash: 3C21DEA5B0020232F21207A42D4AB7A32A86B6171DB180D25FC84D2FB6F721D51AA3F7
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(?,00000001,PYTHON27.DLL), ref: 00401408
                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00401414
                                                                                        • LockResource.KERNEL32(00000000), ref: 0040141B
                                                                                        • GetLastError.KERNEL32(Could not load python dll), ref: 0040143C
                                                                                          • Part of subcall function 00401180: GetModuleFileNameA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\pyexec.exe,00000304,00401245,?,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040118F
                                                                                          • Part of subcall function 00401180: GetLastError.KERNEL32(Retrieving module name,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040119E
                                                                                          • Part of subcall function 00401350: CreateFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\common.bin,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00401464,?), ref: 00401365
                                                                                        • strncmp.MSVCR90 ref: 00401478
                                                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 00401499
                                                                                        • _snprintf.MSVCR90 ref: 004014BD
                                                                                        • GetLastError.KERNEL32(LoadLibrary(pythondll) failed), ref: 004014DB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastResource$CreateFindLoadLockModuleNameUnmapView_snprintfstrncmp
                                                                                        • String ID: %s\%s$<pythondll>$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\common.bin$Could not load python dll$LoadLibrary(pythondll) failed$PYTHON27.DLL$PYTHON27.DLL$PYTHON27.DLL$PYTHON27.DLL
                                                                                        APIs
                                                                                        • PyCallable_Check.PYTHON27 ref: 6CCB6C62
                                                                                          • Part of subcall function 6CD67170: PyObject_GetAttrString.PYTHON27(6CD2F42C,__call__,?,6CD2F42C,00000000), ref: 6CD6718B
                                                                                          • Part of subcall function 6CD67170: PyErr_Clear.PYTHON27(6CD2F42C,00000000), ref: 6CD67197
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCB6D6F
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB6DAB
                                                                                        • free.MSVCR90 ref: 6CCB6E12
                                                                                        • PySequence_GetSlice.PYTHON27(?,?,?,?), ref: 6CCB6ECD
                                                                                        • PyList_Append.PYTHON27(?,00000000,?,?,?), ref: 6CCB6EE5
                                                                                        • PyTuple_Pack.PYTHON27(00000001,00000000,?), ref: 6CCB6F44
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(?,00000000,00000000,?,?,?), ref: 6CCB6F5E
                                                                                        • PyList_Append.PYTHON27(?,?), ref: 6CCB6FA8
                                                                                        • PySequence_GetSlice.PYTHON27(?,?,?,?), ref: 6CCB7034
                                                                                        • PyList_Append.PYTHON27(?,00000000,?,?,?), ref: 6CCB7048
                                                                                        • _Py_BuildValue_SizeT.PYTHON27(6CE8FD28,00000000,?,?), ref: 6CCB70E5
                                                                                          • Part of subcall function 6CCB5FD0: PyErr_SetString.PYTHON27(6CEE5248,internal error in regular expression user), ref: 6CCB5FEA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AppendList_$Err_Object_Sequence_SliceString$AttrBuildCallCallable_CheckClearErrorEval_FatalKeywordsMallocObjectPackSizeTuple_Value_Withfree
                                                                                        • String ID: GC object already tracked$_subx
                                                                                        APIs
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE67A8), ref: 6CCAB0F4
                                                                                        • PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CCAB114
                                                                                        • PyUnicodeUCS2_DecodeUTF8Stateful.PYTHON27(?,?,strict,00000000), ref: 6CCAB145
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,Negative size passed to PyString_FromStringAndSize), ref: 6CCAB21B
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,string is too large), ref: 6CCAB245
                                                                                        • PyObject_Malloc.PYTHON27(00000017), ref: 6CCAB255
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCAB261
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CCAB293
                                                                                        • memcpy.MSVCR90(00000015,?,?), ref: 6CCAB2C9
                                                                                        • _PyString_Resize.PYTHON27(?,?), ref: 6CCAB341
                                                                                        • _PyString_Resize.PYTHON27(?,?), ref: 6CCAB377
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE67A8), ref: 6CCAB3B4
                                                                                        • PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CCAB3D7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ExceptionGivenMatchesObjectString_$ResizeString$DecodeInternMallocMemoryObject_PlaceStatefulUnicodememcpy
                                                                                        • String ID: Negative size passed to PyString_FromStringAndSize$hl$strict$string is too large
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27 ref: 6CCA774F
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA776E
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,reduce() arg 2 must support iteration), ref: 6CCA778C
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000002), ref: 6CCA77E9
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA7817
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000002), ref: 6CCA7889
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA78B1
                                                                                        • PyTuple_SetItem.PYTHON27(00000000,00000000,?), ref: 6CCA790F
                                                                                        • PyTuple_SetItem.PYTHON27(00000000,00000001,00000000,00000000,00000000,?), ref: 6CCA7918
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?), ref: 6CCA7925
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA7953
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA795F
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,reduce() of empty sequence with no initial value), ref: 6CCA7994
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Object_String$ErrorFatalItemObjectTuple_$Arg_CallClearEval_ExceptionFromGivenIterKeywordsMatchesString_TupleUnpackWith
                                                                                        • String ID: GC object already tracked$reduce$reduce() arg 2 must support iteration$reduce() of empty sequence with no initial value
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,seed,00000000,00000001,?), ref: 6CCB16A2
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyMem_Malloc.PYTHON27(00000020), ref: 6CCB1732
                                                                                        • _PyLong_New.PYTHON27(00000001), ref: 6CCB1759
                                                                                        • PyInt_FromLong.PYTHON27(00000020), ref: 6CCB178B
                                                                                        • PyObject_IsTrue.PYTHON27(?), ref: 6CCB17A2
                                                                                        • PyNumber_And.PYTHON27(?,?), ref: 6CCB17C5
                                                                                        • PyLong_AsUnsignedLong.PYTHON27(00000000), ref: 6CCB17D8
                                                                                        • PyNumber_Rshift.PYTHON27(?,?), ref: 6CCB180F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FromLongLong_Number_$Arg_Err_Int_MallocMem_ObjectObject_RshiftStringString_TrueTupleUnpackUnsigned
                                                                                        • String ID: seed
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,int() base must be >= 2 and <= 36, or 0), ref: 6CD57586
                                                                                        • isspace.MSVCR90 ref: 6CD575A4
                                                                                        • _errno.MSVCR90 ref: 6CD575B9
                                                                                        • PyOS_strtoul.PYTHON27(?,?,?), ref: 6CD575D5
                                                                                        • PyLong_FromString.PYTHON27(?,?,?), ref: 6CD575E9
                                                                                        • PyOS_strtol.PYTHON27(?,?,?), ref: 6CD575FF
                                                                                          • Part of subcall function 6CDCF0A0: isspace.MSVCR90 ref: 6CDCF0B9
                                                                                          • Part of subcall function 6CDCF0A0: PyOS_strtoul.PYTHON27(?,?,?,?,?,?,6CD57604,?,?,?), ref: 6CDCF0E1
                                                                                        • isalnum.MSVCR90 ref: 6CD57616
                                                                                        • isspace.MSVCR90 ref: 6CD57634
                                                                                        • _errno.MSVCR90 ref: 6CD57650
                                                                                        • PyLong_FromString.PYTHON27(?,?,?), ref: 6CD57664
                                                                                        • PyInt_FromLong.PYTHON27(00000000), ref: 6CD5767D
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,000000C8), ref: 6CD576B8
                                                                                        • PyObject_Repr.PYTHON27(00000000), ref: 6CD576C7
                                                                                        • PyErr_Format.PYTHON27(6CEE5D10,invalid literal for int() with base %d: %s,?,00000014), ref: 6CD576FA
                                                                                        Strings
                                                                                        • int() base must be >= 2 and <= 36, or 0, xrefs: 6CD57580
                                                                                        • invalid literal for int() with base %d: %s, xrefs: 6CD576F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FromString$isspace$Err_Long_S_strtoul_errno$FormatInt_LongObject_ReprS_strtolSizeString_isalnum
                                                                                        • String ID: int() base must be >= 2 and <= 36, or 0$invalid literal for int() with base %d: %s
                                                                                        APIs
                                                                                        • Py_InitModule4.PYTHON27(_lsprof,6CF22624,Fast profiler,00000000,000003F5), ref: 6CCB0EA0
                                                                                        • PyModule_GetDict.PYTHON27(00000000), ref: 6CCB0EB3
                                                                                          • Part of subcall function 6CD65170: PyType_IsSubtype.PYTHON27(F08BFC45,?,00000000,?,?,6CD55195,00000000), ref: 6CD6518B
                                                                                          • Part of subcall function 6CD65170: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\moduleobject.c,00000032,6CD55195,00000000), ref: 6CD651A9
                                                                                        • PyType_Ready.PYTHON27(6CF0B208,00000000), ref: 6CCB0EBF
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,Profiler,6CF0B208), ref: 6CCB0EDA
                                                                                          • Part of subcall function 6CD47460: PyString_FromString.PYTHON27(00000000,?,?,6CD650D7,00000000,__name__,00000000,?,00000014,?,6CDCDEB4), ref: 6CD47468
                                                                                        • PyStructSequence_InitType.PYTHON27(6CF11B18,6CF0AC10), ref: 6CCB0EF5
                                                                                          • Part of subcall function 6CD77970: malloc.MSVCR90 ref: 6CD77A06
                                                                                          • Part of subcall function 6CD77970: PyType_Ready.PYTHON27(6CF14458), ref: 6CD77A89
                                                                                        • PyStructSequence_InitType.PYTHON27(6CF11A50,6CF0AC20,6CF11B18,6CF0AC10), ref: 6CCB0F04
                                                                                          • Part of subcall function 6CD77970: PyString_FromString.PYTHON27(n_sequence_fields), ref: 6CD77B44
                                                                                          • Part of subcall function 6CD77970: PyString_InternInPlace.PYTHON27(00000000), ref: 6CD77B57
                                                                                          • Part of subcall function 6CD77970: PyDict_SetItem.PYTHON27(6CF14458,00000000,?,00000000), ref: 6CD77B65
                                                                                          • Part of subcall function 6CD77970: PyString_FromString.PYTHON27(n_fields), ref: 6CD77C34
                                                                                          • Part of subcall function 6CD77970: PyString_InternInPlace.PYTHON27(6CF14458), ref: 6CD77C47
                                                                                          • Part of subcall function 6CD77970: PyDict_SetItem.PYTHON27(6CF14458,6CF14458,?,6CF14458), ref: 6CD77C55
                                                                                          • Part of subcall function 6CD77970: PyString_FromString.PYTHON27(n_unnamed_fields), ref: 6CD77D25
                                                                                          • Part of subcall function 6CD77970: PyString_InternInPlace.PYTHON27(6CEE2AA8), ref: 6CD77D38
                                                                                        • PyModule_AddObject.PYTHON27(00000000,profiler_entry,6CF11B18), ref: 6CCB0F28
                                                                                        • PyModule_AddObject.PYTHON27(00000000,profiler_subentry,6CF11A50,00000000,profiler_entry,6CF11B18), ref: 6CCB0F38
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000000), ref: 6CCB0F67
                                                                                          • Part of subcall function 6CCDBAA0: _PyObject_GC_Malloc.PYTHON27(?), ref: 6CCDBABC
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB0FA4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$String$From$Dict_InitInternItemModule_PlaceType_$ObjectObject_ReadySequence_StructType$DictErr_ErrorFatalFormatMallocModule4Subtypemalloc
                                                                                        • String ID: Fast profiler$GC object already tracked$Profiler$_lsprof$profiler_entry$profiler_subentry
                                                                                        • API String ID: 931865609-500016676
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(?,00000001,PYTHONSCRIPT), ref: 0040122E
                                                                                        • GetLastError.KERNEL32(Could not locate script resource:,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 00401251
                                                                                          • Part of subcall function 00401180: GetModuleFileNameA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\pyexec.exe,00000304,00401245,?,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040118F
                                                                                          • Part of subcall function 00401180: GetLastError.KERNEL32(Retrieving module name,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040119E
                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 00401267
                                                                                        • GetLastError.KERNEL32(Could not load script resource:,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 00401276
                                                                                          • Part of subcall function 00401000: FormatMessageA.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000), ref: 00401024
                                                                                          • Part of subcall function 00401000: strncpy.MSVCR90 ref: 00401038
                                                                                          • Part of subcall function 00401000: LocalFree.KERNEL32(?), ref: 00401046
                                                                                          • Part of subcall function 00401000: lstrlenA.KERNEL32(00000000), ref: 00401058
                                                                                          • Part of subcall function 00401000: _snprintf.MSVCR90 ref: 00401073
                                                                                          • Part of subcall function 00401000: GetFocus.USER32 ref: 00401085
                                                                                          • Part of subcall function 00401000: MessageBoxA.USER32(00000000), ref: 0040108C
                                                                                        • LockResource.KERNEL32(00000000,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040128B
                                                                                        • GetLastError.KERNEL32(Could not lock script resource:,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 004012A4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Resource$Message$FileFindFocusFormatFreeLoadLocalLockModuleName_snprintflstrlenstrncpy
                                                                                        • String ID: %s\%s$Bug: Invalid script resource$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\common.bin$Could not load script resource:$Could not locate script resource:$Could not lock script resource:$PYTHONSCRIPT
                                                                                        • API String ID: 1129944797-3991599648
                                                                                        APIs
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CD75A40
                                                                                        • PyString_AsString.PYTHON27(00000000), ref: 6CD75A55
                                                                                          • Part of subcall function 6CD6DC60: PyString_AsStringAndSize.PYTHON27(?,?,?), ref: 6CD6DC83
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\stringobject.c,000010B7), ref: 6CD767F5
                                                                                        Strings
                                                                                        • , xrefs: 6CD763A9
                                                                                        • not all arguments converted during string formatting, xrefs: 6CD764B3, 6CD76730
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD767EF
                                                                                        • 4:l, xrefs: 6CD763EB
                                                                                        • incomplete format, xrefs: 6CD75F19
                                                                                        • ..\Objects\stringobject.c, xrefs: 6CD767EA
                                                                                        • unsupported format character '%c' (0x%x) at index %zd, xrefs: 6CD7677D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: StringString_$Size$Err_FormatFrom
                                                                                        • String ID: $%s:%d: bad argument to internal function$..\Objects\stringobject.c$4:l$incomplete format$not all arguments converted during string formatting$unsupported format character '%c' (0x%x) at index %zd
                                                                                        • API String ID: 1082063328-555679935
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCAB701
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyString_FromString.PYTHON27(end is out of bounds), ref: 6CCAB74F
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,end is out of bounds), ref: 6CCAB758
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCAB7A7
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,?), ref: 6CCAB829
                                                                                        • PyUnicodeUCS2_FromEncodedObject.PYTHON27(00000000,?,00000000), ref: 6CCAB842
                                                                                        • PyList_Append.PYTHON27(?,00000000), ref: 6CCAB86B
                                                                                        • PyList_Append.PYTHON27(?,?), ref: 6CCAB9E5
                                                                                          • Part of subcall function 6CCAB460: PyString_FromString.PYTHON27(json.decoder), ref: 6CCAB473
                                                                                          • Part of subcall function 6CCAB460: PyImport_Import.PYTHON27(00000000), ref: 6CCAB486
                                                                                          • Part of subcall function 6CCAB460: PyObject_GetAttrString.PYTHON27(00000000,errmsg), ref: 6CCAB4AB
                                                                                          • Part of subcall function 6CCAB460: PyObject_CallFunction.PYTHON27(?,(zOO&),?,?,Function_0000ADF0,?), ref: 6CCAB4E9
                                                                                          • Part of subcall function 6CCAB460: PyErr_SetObject.PYTHON27(6CEE5D10,00000000), ref: 6CCAB4FF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$From$DebugObjectObject_OutputString_$AppendErr_List___iob_func$AttrCallEncodedErrorFatalFunctionImportImport_MallocSizeUnicodeabortfflushfprintf
                                                                                        • String ID: GC object already tracked$Invalid \escape$Invalid \uXXXX escape$Invalid control character at$Unterminated string starting at$end is out of bounds
                                                                                        • API String ID: 3483052483-1491704308
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000040), ref: 6CD63778
                                                                                        • PyObject_GetBuffer.PYTHON27(?,0000000C,0000011C), ref: 6CD637B0
                                                                                        • PyBuffer_IsContiguous.PYTHON27(0000000C,?), ref: 6CD637C5
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD637E4
                                                                                        • PyErr_SetString.PYTHON27(6CEE6898,writable contiguous buffer requested for a non-contiguousobject.), ref: 6CD6383F
                                                                                          • Part of subcall function 6CD63660: PyErr_NoMemory.PYTHON27(?,?,6CD638F0,00000014,?), ref: 6CD6366E
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CD63856
                                                                                        • PyTuple_Pack.PYTHON27(00000002,?,00000000), ref: 6CD638AA
                                                                                        • PyBuffer_Release.PYTHON27(0000000C), ref: 6CD63927
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD63940
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyString_FromString.PYTHON27(object does not have the buffer interface), ref: 6CD6397F
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,object does not have the buffer interface), ref: 6CD63988
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD637DF, 6CD6393B
                                                                                        • writable contiguous buffer requested for a non-contiguousobject., xrefs: 6CD63839
                                                                                        • object does not have the buffer interface, xrefs: 6CD6397A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$DebugErr_Output$Buffer_ErrorFatalFromObject_String___iob_func$BufferContiguousMallocMemoryObjectPackReleaseSizeTuple_abortfflushfprintf
                                                                                        • String ID: GC object already tracked$object does not have the buffer interface$writable contiguous buffer requested for a non-contiguousobject.
                                                                                        APIs
                                                                                        • PyCodec_LookupError.PYTHON27(?,-000000FF,?,?,?,?,6CCA2548), ref: 6CD881B1
                                                                                        • _PyObject_CallFunction_SizeT.PYTHON27(6CEE5FF0,ss#nns,?,6CCA2548,?,?,?,00000000,-000000FF,?,?,?,?,6CCA2548), ref: 6CD881EE
                                                                                        • PyUnicodeDecodeError_SetReason.PYTHON27(?,00000000,-000000FF,?,?,?,?,6CCA2548), ref: 6CD88217
                                                                                          • Part of subcall function 6CD4AAB0: PyString_FromString.PYTHON27(?), ref: 6CD4AABB
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(00000000,?,00000000,?,?,?,?,6CCA2548), ref: 6CD8822F
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,decoding error handler must return (unicode, int) tuple,?,?,?,?,?,?,?,6CCA2548), ref: 6CD8825C
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(00000000,O!n;decoding error handler must return (unicode, int) tuple,?,00000000,?,?,?,?,?,?,?,?,6CCA2548), ref: 6CD88279
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,decoded result is too long for a Python string,?,?,?,?,?,?,?,?,?,?,?,?,6CCA2548), ref: 6CD882D7
                                                                                        • memcpy.MSVCR90(?,?,6CCA2548,?,?,?,?,?,?,?,?,?,?,?,?,6CCA2548), ref: 6CD88360
                                                                                        • PyErr_Format.PYTHON27(6CEE5B38,position %zd from error handler out of bounds,?,?,?,?,?,?,?,?,?,?,?,?,?,6CCA2548), ref: 6CD883AC
                                                                                        Strings
                                                                                        • decoded result is too long for a Python string, xrefs: 6CD882D1
                                                                                        • O!n;decoding error handler must return (unicode, int) tuple, xrefs: 6CD88273
                                                                                        • position %zd from error handler out of bounds, xrefs: 6CD883A6
                                                                                        • ss#nns, xrefs: 6CD881E8
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD883A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$CallObject_Size$Arg_ArgsCodec_DecodeErrorError_FormatFromFunctionFunction_LookupParseReasonString_Tuple_Unicodememcpy
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$O!n;decoding error handler must return (unicode, int) tuple$decoded result is too long for a Python string$position %zd from error handler out of bounds$ss#nns
                                                                                        APIs
                                                                                        • PyUnicodeUCS2_AsEncodedString.PYTHON27(?,00000000,00000000), ref: 6CD66E6C
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,attribute name must be string, not '%.200s',?), ref: 6CD66E94
                                                                                        • PyType_Ready.PYTHON27(?), ref: 6CD66EB2
                                                                                        • _PyType_Lookup.PYTHON27(?,?), ref: 6CD66EC4
                                                                                        • _PyObject_GetDictPtr.PYTHON27(?), ref: 6CD66F0B
                                                                                        • PyDict_New.PYTHON27 ref: 6CD66F2A
                                                                                        • PyDict_DelItem.PYTHON27(?,?), ref: 6CD66F4A
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE5C10), ref: 6CD66F78
                                                                                        • PyErr_SetObject.PYTHON27(6CEE55C0,?), ref: 6CD66F8C
                                                                                        Strings
                                                                                        • '%.100s' object has no attribute '%.200s', xrefs: 6CD66FDC
                                                                                        • attribute name must be string, not '%.200s', xrefs: 6CD66E8E
                                                                                        • '%.50s' object attribute '%.400s' is read-only, xrefs: 6CD66FF5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Dict_Type_$DictEncodedExceptionFormatGivenItemLookupMatchesObjectObject_ReadyStringUnicode
                                                                                        • String ID: '%.100s' object has no attribute '%.200s'$'%.50s' object attribute '%.400s' is read-only$attribute name must be string, not '%.200s'
                                                                                        APIs
                                                                                          • Part of subcall function 00401220: FindResourceA.KERNEL32(?,00000001,PYTHONSCRIPT), ref: 0040122E
                                                                                          • Part of subcall function 00401220: GetLastError.KERNEL32(Could not locate script resource:,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 00401251
                                                                                        • __iob_func.MSVCR90 ref: 0040191B
                                                                                        • setbuf.MSVCR90 ref: 00401924
                                                                                        • __iob_func.MSVCR90 ref: 0040192B
                                                                                        • setbuf.MSVCR90 ref: 00401931
                                                                                        • __iob_func.MSVCR90 ref: 00401938
                                                                                        • setbuf.MSVCR90 ref: 0040193E
                                                                                        • getenv.MSVCR90 ref: 0040194F
                                                                                        • getenv.MSVCR90 ref: 0040195D
                                                                                        • atoi.MSVCR90 ref: 00401960
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                         • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                         • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                         • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_funcsetbuf$getenv$ErrorFindLastResourceatoi
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\pyexec.exe$PY2EXE_VERBOSE$PY2EXE_VERBOSE$frozen$frozen
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27 ref: 6CCAF5B6
                                                                                        • setlocale.MSVCR90 ref: 6CCAF5DD
                                                                                        • PyErr_SetString.PYTHON27(00000000,unsupported locale setting), ref: 6CCAF5F5
                                                                                        • PyString_FromString.PYTHON27(00000000), ref: 6CCAF606
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCAF62A
                                                                                        • setlocale.MSVCR90 ref: 6CCAF63A
                                                                                        • PyErr_SetString.PYTHON27(00000000,locale query failed), ref: 6CCAF653
                                                                                        • PyString_FromString.PYTHON27(invalid locale category), ref: 6CCAF67F
                                                                                        • PyErr_SetObject.PYTHON27(00000000,00000000,invalid locale category), ref: 6CCAF688
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromString_setlocale$Arg_ClearObjectParseTuple
                                                                                        • String ID: invalid locale category$i|z:setlocale$locale query failed$unsupported locale setting
                                                                                        APIs
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA5476
                                                                                          • Part of subcall function 6CDAE4E0: Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate,00000000,6CDC67DA,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE4FA
                                                                                          • Part of subcall function 6CDAE4E0: InterlockedDecrement.KERNEL32(?), ref: 6CDAE516
                                                                                          • Part of subcall function 6CDAE4E0: SetEvent.KERNEL32(?,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE524
                                                                                        • fprintf.MSVCR90 ref: 6CCA548C
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000), ref: 6CCA548F
                                                                                          • Part of subcall function 6CDAE540: Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate,?,?,6CDC67F6,00000000,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE550
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE569
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE585
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA54A1
                                                                                        • fprintf.MSVCR90 ref: 6CCA54AE
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000), ref: 6CCA54B1
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA54C9
                                                                                        • fprintf.MSVCR90 ref: 6CCA54D6
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000), ref: 6CCA54D9
                                                                                        • PyEval_SaveThread.PYTHON27 ref: 6CCA54ED
                                                                                        • fprintf.MSVCR90 ref: 6CCA54FB
                                                                                        • PyEval_RestoreThread.PYTHON27(?), ref: 6CCA5501
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Eval_Thread$RestoreSavefprintf$ErrorFatal_errno$DecrementEventInterlocked
                                                                                        • String ID: None$defaultdict(
                                                                                        APIs
                                                                                        • isalnum.MSVCR90 ref: 6CCB2025
                                                                                        • isalnum.MSVCR90 ref: 6CCB2043
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB205C
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB2066
                                                                                        • _PyUnicodeUCS2_IsWhitespace.PYTHON27 ref: 6CCB208A
                                                                                        • _PyUnicodeUCS2_IsWhitespace.PYTHON27 ref: 6CCB20B2
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27 ref: 6CCB20C5
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB20D2
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27 ref: 6CCB20E3
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27 ref: 6CCB20F4
                                                                                        • _PyUnicodeUCS2_IsAlpha.PYTHON27 ref: 6CCB20FF
                                                                                        • _PyUnicodeUCS2_IsDecimalDigit.PYTHON27 ref: 6CCB2110
                                                                                        • _PyUnicodeUCS2_IsDigit.PYTHON27 ref: 6CCB2121
                                                                                        • _PyUnicodeUCS2_IsNumeric.PYTHON27 ref: 6CCB2132
                                                                                        • _PyUnicodeUCS2_IsLinebreak.PYTHON27 ref: 6CCB2152
                                                                                        • _PyUnicodeUCS2_IsLinebreak.PYTHON27 ref: 6CCB215C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unicode$Digit$Decimal$AlphaLinebreakNumericWhitespaceisalnum
                                                                                        • String ID:
                                                                                        • API String ID: 1297412580-0
                                                                                        • Opcode ID: 77b67f0a435ac74963dc8620b74e66a8bd7a99a4d0e802e95408444bbec9a0b7
                                                                                        • Instruction ID: 9d3fe7a8dfe02af42a7e099609d36ebdf0448a6dbfb59ff90b4994cb71aa97b6
                                                                                        • Opcode Fuzzy Hash: 77b67f0a435ac74963dc8620b74e66a8bd7a99a4d0e802e95408444bbec9a0b7
                                                                                        • Instruction Fuzzy Hash: E74124A3A0791005EB1522796CA67DF34A91F4674DF8C0570E8A3E1EA1FB2CD70BC297
                                                                                        APIs
                                                                                        • PyObject_IsTrue.PYTHON27 ref: 6CCAC7DB
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCAC818
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCAC85A
                                                                                        • PyTuple_Pack.PYTHON27(00000002,?,00000000), ref: 6CCAC9EC
                                                                                        • PyList_Append.PYTHON27(?,00000000), ref: 6CCACA34
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(?,?,00000000), ref: 6CCACB48
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(?,?,00000000), ref: 6CCACB88
                                                                                          • Part of subcall function 6CD2F750: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F770
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(?,00000000,00000000), ref: 6CCACBC0
                                                                                        Strings
                                                                                        • Expecting ',' delimiter, xrefs: 6CCACB12
                                                                                        • GC object already tracked, xrefs: 6CCAC855
                                                                                        • Expecting object, xrefs: 6CCAC8B6
                                                                                        • Expecting property name enclosed in double quotes, xrefs: 6CCACAE9
                                                                                        • Expecting ':' delimiter, xrefs: 6CCAC939
                                                                                        Similarity
                                                                                        • API ID: Object_$ArgsCallFunction$AppendErr_ErrorFatalList_MallocPackStringTrueTuple_
                                                                                        • String ID: Expecting ',' delimiter$Expecting ':' delimiter$Expecting object$Expecting property name enclosed in double quotes$GC object already tracked
                                                                                        • API String ID: 2157364734-52499038
                                                                                        • Opcode ID: d949fe343e095bd19650f37625f7253e37f411900c40de662cbbac71bdf8748b
                                                                                        • Instruction ID: cff6e908caf944226dc089be129b45cbc9650397b4d0d1faf9566cf7dee59b11
                                                                                        • Opcode Fuzzy Hash: d949fe343e095bd19650f37625f7253e37f411900c40de662cbbac71bdf8748b
                                                                                        • Instruction Fuzzy Hash: 74C1D9716002034BC710FFE8D888AA673E4FB45328F644629E9658BB91F736DC97C796
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(idx cannot be negative,?,?,?,?,?,6CCAC59D,FFFFFFFD,?,?,?), ref: 6CCAD532
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,?), ref: 6CCAD53E
                                                                                        • PyErr_SetObject.PYTHON27(6CEE4978,00000000,?,?,?,?,?,6CCAC59D,FFFFFFFD,?,?,?), ref: 6CCAD571
                                                                                        • PyObject_IsTrue.PYTHON27(?,?,?,?,?,?,6CCAC59D,FFFFFFFD,?,?,?), ref: 6CCAD5A8
                                                                                        • _Py_CheckRecursiveCall.PYTHON27( while decoding a JSON object from a byte string), ref: 6CCAD5F5
                                                                                          • Part of subcall function 6CDAE7C0: PyOS_CheckStack.PYTHON27(?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7CA
                                                                                          • Part of subcall function 6CDAE7C0: PyErr_SetString.PYTHON27(6CEE67A8,Stack overflow,?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7E1
                                                                                        • _Py_CheckRecursiveCall.PYTHON27( while decoding a JSON array from a byte string), ref: 6CCAD64D
                                                                                        Similarity
                                                                                        • API ID: CheckErr_$CallObjectRecursiveString$FromObject_StackString_True
                                                                                        • String ID: while decoding a JSON array from a byte string$ while decoding a JSON object from a byte string$-Infinity$Infinity$NaN$idx cannot be negative$cl
                                                                                        • API String ID: 1039784377-4056482752
                                                                                        • Opcode ID: 137bc95f90d27c826201506f225a61d1bd98097e5832508bbc09c9645ce7ae93
                                                                                        • Instruction ID: a96bbcab782de911c81913a0be361a3a6bcca7e4c5fadc9761bef08428980ad1
                                                                                        • Opcode Fuzzy Hash: 137bc95f90d27c826201506f225a61d1bd98097e5832508bbc09c9645ce7ae93
                                                                                        • Instruction Fuzzy Hash: 20A1FE76B046425BD714CF9AE4489E57BB4EB4533DF08435AEC0987B01E322EA5AC7F1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,writeobject with NULL file), ref: 6CD500D6
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD500FA
                                                                                        • PyObject_GetAttrString.PYTHON27(?,write), ref: 6CD50110
                                                                                        Similarity
                                                                                        • API ID: String$AttrErr_Object_SubtypeType_
                                                                                        • String ID: I/O operation on closed file$strict$write$writeobject with NULL file
                                                                                        • API String ID: 1296135835-1655942581
                                                                                        • Opcode ID: 60c2e8028b5f189073cae4922a6ad7adf86efebd948a97c34947e64c1f1e0f5d
                                                                                        • Instruction ID: 747f1c253bcd4f63be5f33aad9f449b55123823b3b43a5caad132c43020188aa
                                                                                        • Opcode Fuzzy Hash: 60c2e8028b5f189073cae4922a6ad7adf86efebd948a97c34947e64c1f1e0f5d
                                                                                        • Instruction Fuzzy Hash: 0251D9726002419BCB008F69DC80A9B73B4AF453BCF644725E9398BBE1D735F966C7A1
                                                                                        APIs
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CD64834
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CD64872
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s() takes no arguments (%zd given),?,?), ref: 6CD648AC
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CD648C5
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CD64919
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s() takes no keyword arguments,00000000), ref: 6CD64937
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\methodobject.c,00000078), ref: 6CD6498B
                                                                                        Strings
                                                                                        • %.200s() takes no arguments (%zd given), xrefs: 6CD648A6
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD64985
                                                                                        • ..\Objects\methodobject.c, xrefs: 6CD64980
                                                                                        • %.200s() takes exactly one argument (%zd given), xrefs: 6CD648FA
                                                                                        • %.200s() takes no keyword arguments, xrefs: 6CD64931
                                                                                        Similarity
                                                                                        • API ID: Dict_Size$Err_Format
                                                                                        • String ID: %.200s() takes exactly one argument (%zd given)$%.200s() takes no arguments (%zd given)$%.200s() takes no keyword arguments$%s:%d: bad argument to internal function$..\Objects\methodobject.c
                                                                                        • API String ID: 3553065328-1061343441
                                                                                        • Opcode ID: 972e3f691461524740b046874d291d3c9f9a65831ba0e8aec656825c548765c1
                                                                                        • Instruction ID: b2007de9acb7d53893fd5bf6ce8395b2ce5504aff014794591102da7721d782c
                                                                                        • Opcode Fuzzy Hash: 972e3f691461524740b046874d291d3c9f9a65831ba0e8aec656825c548765c1
                                                                                        • Instruction Fuzzy Hash: 7F41DC767401045BD600DFAAFC81C6BB3ACEB8517AB14857AFD1DC7F11EA32E815C6A1
                                                                                        APIs
                                                                                        • _finite.MSVCR90 ref: 6CD5D49D
                                                                                        • _isnan.MSVCR90 ref: 6CD5D4B9
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,cannot convert float infinity to integer), ref: 6CD5D4CD
                                                                                        • _isnan.MSVCR90 ref: 6CD5D4E7
                                                                                        • PyString_FromString.PYTHON27(cannot convert float NaN to integer), ref: 6CD5D4FB
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,cannot convert float NaN to integer), ref: 6CD5D504
                                                                                        • frexp.MSVCR90 ref: 6CD5D54F
                                                                                        • PyLong_FromLong.PYTHON27(00000000), ref: 6CD5D566
                                                                                        Strings
                                                                                        • cannot convert float infinity to integer, xrefs: 6CD5D4C7
                                                                                        • cannot convert float NaN to integer, xrefs: 6CD5D4F6
                                                                                        Similarity
                                                                                        • API ID: Err_FromString_isnan$LongLong_ObjectString__finitefrexp
                                                                                        • String ID: cannot convert float NaN to integer$cannot convert float infinity to integer
                                                                                        • API String ID: 2678645882-126850158
                                                                                        • Opcode ID: e919110d1776c8fb70d466b2bc627cafac6542a5f74d4f90467202479cb89e9f
                                                                                        • Instruction ID: 8ddcb4fd1126911a23755263630f9c4ac325a516e8a8c1417bdf4b19f38545ca
                                                                                        • Opcode Fuzzy Hash: e919110d1776c8fb70d466b2bc627cafac6542a5f74d4f90467202479cb89e9f
                                                                                        • Instruction Fuzzy Hash: 91413971A0920097DB007F65ED4566ABBB4EF85319F400679FDC8866A4FB32D828C7E2
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000002C), ref: 6CD557D0
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,00000072), ref: 6CD55834
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,tuple index out of range), ref: 6CD55855
                                                                                        • PyString_FromString.PYTHON27(__name__), ref: 6CD5588E
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD558A7
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CD558D8
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD558F7
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD558F2
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD55829
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5582E
                                                                                        • __name__, xrefs: 6CD55889
                                                                                        • tuple index out of range, xrefs: 6CD5584F
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD5584A
                                                                                        Similarity
                                                                                        • API ID: Err_StringString_$Dict_ErrorFatalFormatFromInternItemMallocObject_Place
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$GC object already tracked$__name__$tuple index out of range
                                                                                        APIs
                                                                                        • PySys_GetObject.PYTHON27(stderr,?,0000005F,?), ref: 6CDE77C4
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?), ref: 6CDE77E6
                                                                                        • _vsnprintf.MSVCR90 ref: 6CDE7819
                                                                                        • PyFile_WriteString.PYTHON27(?,00000000), ref: 6CDE782C
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CDE7838
                                                                                        • fputs.MSVCR90 ref: 6CDE784B
                                                                                        • PyFile_WriteString.PYTHON27(... truncated,00000000), ref: 6CDE7866
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CDE7872
                                                                                        • fputs.MSVCR90 ref: 6CDE7883
                                                                                        • vfprintf.MSVCR90 ref: 6CDE789D
                                                                                        • PyErr_Restore.PYTHON27(?,?,?), ref: 6CDE78BB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ClearFile_StringWritefputs$ObjectRestoreSubtypeSys_Type__vsnprintfvfprintf
                                                                                        • String ID: ... truncated$stderr
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_funcfprintf$ClearFreeInt_List
                                                                                        • String ID: # <int at %p, refcnt=%ld, val=%ld>$# cleanup ints$: %d unfreed int%s$R
                                                                                        APIs
                                                                                        • PyUnicodeUCS2_DecodeLatin1.PYTHON27(?,?,?,?,00000000,?,?,?,6CCA2548,?,?,?,?), ref: 6CD8B719
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: DecodeLatin1Unicode
                                                                                        • String ID: character mapping must be in range(0x110000)$character mapping must return integer, None or unicode$character maps to <undefined>$charmap
                                                                                        APIs
                                                                                        • PyDict_GetItem.PYTHON27(00000000,?,?,?,?,?,?,6CD46452,?,?,00000001), ref: 6CD4650F
                                                                                        • PyObject_CallMethod.PYTHON27(?,keys,00000000,?,?,?,?,?,6CD46452,?,?,00000001), ref: 6CD46566
                                                                                        • PyObject_GetIter.PYTHON27(00000000), ref: 6CD46579
                                                                                        • PyIter_Next.PYTHON27(00000000), ref: 6CD465A1
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000), ref: 6CD465BE
                                                                                        • PyObject_GetItem.PYTHON27(?,00000000), ref: 6CD465DF
                                                                                        • PyDict_SetItem.PYTHON27(?,00000000,00000000), ref: 6CD465F3
                                                                                        • PyIter_Next.PYTHON27(?), ref: 6CD4662B
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,0000066D,?,?,?,?,?,6CD46452,?,?,00000001), ref: 6CD466C3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Item$Dict_Object_$Iter_Next$CallErr_FormatIterMethod
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c$keys
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,nO:nlargest,?,?), ref: 6CCA879F
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA87B4
                                                                                          • Part of subcall function 6CD2FF00: PySequence_Check.PYTHON27(?), ref: 6CD2FF18
                                                                                          • Part of subcall function 6CD2FF00: PySeqIter_New.PYTHON27(?), ref: 6CD2FF25
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA8801
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyIter_Next.PYTHON27(?), ref: 6CCA883D
                                                                                        • PyList_Append.PYTHON27(00000000,00000000), ref: 6CCA8851
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCA88F8
                                                                                        • PyList_Sort.PYTHON27(00000000), ref: 6CCA89AB
                                                                                        • PyList_Reverse.PYTHON27(00000000), ref: 6CCA89B9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugList_OutputString$Iter_Object___iob_func$AppendArg_CheckErrorFatalIterMallocNextParseReverseSequence_SortTupleabortfflushfprintf
                                                                                        • String ID: GC object already tracked$nO:nlargest
                                                                                        APIs
                                                                                        Strings
                                                                                        • Argument expected for the -%c option, xrefs: 6CDC616E
                                                                                        • --version, xrefs: 6CDC6058
                                                                                        • Unknown option: -%c, xrefs: 6CDC610E
                                                                                        • -J is reserved for Jython, xrefs: 6CDC60BB
                                                                                        • --help, xrefs: 6CDC6018
                                                                                        • 3bBc:dEhiJm:OQ:RsStuUvVW:xX?, xrefs: 6CDC60F3
                                                                                        • -X is reserved for implementation-specific arguments, xrefs: 6CDC60EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_funcfprintf$strchr
                                                                                        • String ID: --help$--version$-J is reserved for Jython$-X is reserved for implementation-specific arguments$3bBc:dEhiJm:OQ:RsStuUvVW:xX?$Argument expected for the -%c option$Unknown option: -%c
                                                                                        APIs
                                                                                        • _stricmp.MSVCR90(00000000,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 0040253C
                                                                                        • SetLastError.KERNEL32(0000000B,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 0040255E
                                                                                        • SetLastError.KERNEL32(0000000B,?,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 00402584
                                                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?), ref: 004025A7
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000004,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 004025BB
                                                                                        • SetLastError.KERNEL32(00000008,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 004025C5
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000028,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 004025D7
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 004025DE
                                                                                        • _strdup.MSVCR90(?,?,?,004056A8,?,00401D89,?,?,?,00000000,004014CF,?,00000000), ref: 00402606
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000), ref: 00402625
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00402637
                                                                                        • memcpy.MSVCR90(00000000,?,?), ref: 0040264A
                                                                                        • SetLastError.KERNEL32(0000000B), ref: 0040269F
                                                                                        • free.MSVCR90 ref: 004026B6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Alloc$ErrorLastVirtual$Heap$Process_strdup_stricmpfreememcpy
                                                                                        • String ID:
                                                                                        • API String ID: 2469453545-0
                                                                                        • Opcode ID: 5920acf7b4561dd90e574946742b47aa2b1a423a53400a6d9a2a9baf89e5df49
                                                                                        • Instruction ID: e0f6c52df854575513d4d367151ecfb11016daf14cf6d7b4230d021fbf6e33ad
                                                                                        • Opcode Fuzzy Hash: 5920acf7b4561dd90e574946742b47aa2b1a423a53400a6d9a2a9baf89e5df49
                                                                                        • Instruction Fuzzy Hash: C451B5B2601700AFD7209F68ED48B6B77A8EB84715F14453AFA45E72C1D7B5E8008B99
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,s:logreader,?), ref: 6CCAA495
                                                                                        • PyObject_Malloc.PYTHON27(00000018), ref: 6CCAA4AC
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCAA4B8
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • fopen.MSVCR90 ref: 6CCAA4F4
                                                                                        • PyErr_SetFromErrnoWithFilename.PYTHON27(6CEE4EC0,6CF0C1E0), ref: 6CCAA50F
                                                                                        • PyDict_New.PYTHON27 ref: 6CCAA516
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • fgetc.MSVCR90 ref: 6CCAA52C
                                                                                        • ungetc.MSVCR90 ref: 6CCAA560
                                                                                          • Part of subcall function 6CCA9140: PyDict_GetItem.PYTHON27(?,?), ref: 6CCA9180
                                                                                          • Part of subcall function 6CCA9140: PyList_New.PYTHON27(00000000), ref: 6CCA9193
                                                                                          • Part of subcall function 6CCA9140: PyDict_SetItem.PYTHON27(?,?,00000000), ref: 6CCA91A7
                                                                                        • fgetc.MSVCR90 ref: 6CCAA548
                                                                                        • PyErr_SetString.PYTHON27(6CEE5248,unexpected error), ref: 6CCAA58A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Dict_$FromItemStringfgetc$Arg_ErrnoExceptionFilenameGivenList_MallocMatchesMemoryObjectObject_ParseString_TupleWithfopenungetc
                                                                                        • String ID: s:logreader$unexpected error
                                                                                        • API String ID: 982695279-3143292250
                                                                                        • Opcode ID: ae45670d326c96473adf62a220cd93705383752a856c4c8a4450cd9f60d41960
                                                                                        • Instruction ID: 81d71168d549c3ec4cf01ee7737e678136c3cc59acfc04209bac19f4bf92fa0f
                                                                                        • Opcode Fuzzy Hash: ae45670d326c96473adf62a220cd93705383752a856c4c8a4450cd9f60d41960
                                                                                        • Instruction Fuzzy Hash: BC31FEB5A045076BD7009BE9DC48A9B7378BFC5328F144715E924C7F50F731E8168BA5
                                                                                        APIs
                                                                                        • Py_ReprEnter.PYTHON27(?), ref: 6CCA47A9
                                                                                          • Part of subcall function 6CD67E70: PyDict_New.PYTHON27 ref: 6CD67E8E
                                                                                          • Part of subcall function 6CD67E70: PyErr_Clear.PYTHON27 ref: 6CD67EA0
                                                                                          • Part of subcall function 6CD67E70: PyString_FromString.PYTHON27(Py_Repr), ref: 6CD67EBB
                                                                                          • Part of subcall function 6CD67E70: PyDict_GetItem.PYTHON27(?,00000000), ref: 6CD67ECB
                                                                                          • Part of subcall function 6CD67E70: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD67F4F
                                                                                          • Part of subcall function 6CD67E70: PyDict_SetItemString.PYTHON27(?,Py_Repr,00000000), ref: 6CD67F81
                                                                                          • Part of subcall function 6CD67E70: PyList_Append.PYTHON27(-000000FF,000000FE), ref: 6CD67FBE
                                                                                        • PyString_FromString.PYTHON27([...]), ref: 6CCA47C3
                                                                                        • PySequence_List.PYTHON27(?), ref: 6CCA47D2
                                                                                        • Py_ReprLeave.PYTHON27(?), ref: 6CCA47E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_String$FromItemReprString_$AppendClearEnterErr_ErrorFatalLeaveListList_Sequence_
                                                                                        • String ID: [...]$deque(%%r, maxlen=%zd)$deque(%r)
                                                                                        • API String ID: 2876697196-1340182754
                                                                                        • Opcode ID: 4765ab221fd5056bf6e04b3ce423f78de315c0c84264767de907d1c587d576ac
                                                                                        • Instruction ID: a54bb9a8e3bcd7e111938874ce3450b6576ba549925d506d54d2c4780a80dcce
                                                                                        • Opcode Fuzzy Hash: 4765ab221fd5056bf6e04b3ce423f78de315c0c84264767de907d1c587d576ac
                                                                                        • Instruction Fuzzy Hash: 1421BAB2D00106679610DBA5BC8189B7398AB8533DF140365EC1D86F51FB26E916C5E2
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__dict__,6CEE9E88,?,?,?,6CD6774A), ref: 6CD675B3
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD675C1
                                                                                        • PyDict_New.PYTHON27 ref: 6CD675C6
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                          • Part of subcall function 6CD671D0: PyObject_GetAttrString.PYTHON27(?,__dict__,00000000,00000000), ref: 6CD671E2
                                                                                          • Part of subcall function 6CD671D0: PyErr_Clear.PYTHON27(00000000), ref: 6CD671F0
                                                                                          • Part of subcall function 6CD671D0: PyObject_GetAttrString.PYTHON27(?,__bases__,?,?,?,00000000), ref: 6CD67227
                                                                                          • Part of subcall function 6CD671D0: PyErr_Clear.PYTHON27(?,?,?,?,?,00000000), ref: 6CD67235
                                                                                        • PyDict_New.PYTHON27 ref: 6CD675E9
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__class__), ref: 6CD67642
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD67650
                                                                                        • PyDict_Keys.PYTHON27(00000000), ref: 6CD67666
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$AttrClearErr_Object_$Dict_$FromKeysString_
                                                                                        • String ID: __class__$__dict__$__members__$__methods__
                                                                                        • API String ID: 3704403498-420438904
                                                                                        • Opcode ID: dbf3aa90ee1b668785885570fcfc1a3bd734586f2713dc330a2f2038e1abc145
                                                                                        • Instruction ID: faa74fa57b3616abb1095bbc03d162a1b683ee13b758de552ac818a2e18aa9d6
                                                                                        • Opcode Fuzzy Hash: dbf3aa90ee1b668785885570fcfc1a3bd734586f2713dc330a2f2038e1abc145
                                                                                        • Instruction Fuzzy Hash: A42128B1E01219BBD6509BEA9C409CF72A85F11338F160364E81547F71FB28E906C6F3
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,nO:nsmallest,?,?), ref: 6CCA8CCF
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA8CE4
                                                                                          • Part of subcall function 6CD2FF00: PySequence_Check.PYTHON27(?), ref: 6CD2FF18
                                                                                          • Part of subcall function 6CD2FF00: PySeqIter_New.PYTHON27(?), ref: 6CD2FF25
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA8D31
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyIter_Next.PYTHON27(?), ref: 6CCA8D6B
                                                                                        • PyList_Append.PYTHON27(00000000,00000000), ref: 6CCA8D7F
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCA8E29
                                                                                        • PyList_Sort.PYTHON27(00000000), ref: 6CCA8EDA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$Iter_List_Object___iob_func$AppendArg_CheckErrorFatalIterMallocNextParseSequence_SortTupleabortfflushfprintf
                                                                                        • String ID: GC object already tracked$nO:nsmallest
                                                                                        • API String ID: 2828585347-243241408
                                                                                        • Opcode ID: 26315791800464b7cf56af49d5b9599caa5b145e5f0fdd1aaefee0dc4feb0dae
                                                                                        • Instruction ID: 9114429a9d8a36471bd8039b4b32f7eeb1074f4e8df2804a2c8aec2a48f7f581
                                                                                        • Opcode Fuzzy Hash: 26315791800464b7cf56af49d5b9599caa5b145e5f0fdd1aaefee0dc4feb0dae
                                                                                        • Instruction Fuzzy Hash: F58192B5A006438FC700CFA8DC88D5673B5BB49338B24476AE5658BB91F735E84BCB91
                                                                                        APIs
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CCB6625
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s() takes at most %d positional arguments (%zd given),findall,00000003,?), ref: 6CCB6651
                                                                                        • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON27(7FFFFFFF,?,|OnnO:findall,6CF00E04,?,?,7FFFFFFF,?), ref: 6CCB667D
                                                                                        • PyList_New.PYTHON27(00000000), ref: 6CCB66CE
                                                                                        • PyTuple_New.PYTHON27(7FFFFFFF,?), ref: 6CCB6751
                                                                                        • PyList_Append.PYTHON27(?,00000000,?,?,?), ref: 6CCB67F7
                                                                                          • Part of subcall function 6CCB5F50: PySequence_GetSlice.PYTHON27(6CEDFB7C,?,?), ref: 6CCB5F93
                                                                                        • PySequence_GetSlice.PYTHON27(?,?,?,?), ref: 6CCB67E4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_Sequence_SizeSlice$AppendArg_Dict_Err_FormatKeywords_ParseTupleTuple_
                                                                                        • String ID: %s() takes at most %d positional arguments (%zd given)$findall$source$|OnnO:findall
                                                                                        • API String ID: 41004728-684798393
                                                                                        • Opcode ID: 5a948faa337572fac9d05106ede1a952ed2356b4223f1486193bd7996a110e46
                                                                                        • Instruction ID: 5759e57763989df6a6727b67a06bed4e9180b96bc38baf161f813fc88ad5d580
                                                                                        • Opcode Fuzzy Hash: 5a948faa337572fac9d05106ede1a952ed2356b4223f1486193bd7996a110e46
                                                                                        • Instruction Fuzzy Hash: 93717471D00515ABCB19DFE5DC80ADAB3B9BB44314F1482A9E928F7740EB32EE55CB90
                                                                                        APIs
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CCA6E95
                                                                                          • Part of subcall function 6CD2DF00: PyObject_GetAttrString.PYTHON27(?,__getitem__), ref: 6CD2DF1A
                                                                                        • PyErr_Format.PYTHON27(00000000,sequence expected), ref: 6CCA6EAD
                                                                                        • PySequence_Size.PYTHON27(?), ref: 6CCA6EBD
                                                                                        • PySequence_GetItem.PYTHON27(?,?), ref: 6CCA6EF0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sequence_$AttrCheckErr_FormatItemObject_SizeString
                                                                                        • String ID: (s#)$sequence expected$2l
                                                                                        • API String ID: 2976514168-3215138543
                                                                                        • Opcode ID: 5b0864b3da604e01e63c78aa44f352b53b03ea585bbaf5170f27865c9f40d313
                                                                                        • Instruction ID: 6379fdc92426e7cce595b68d615e7e9fb4277ed6c61b407779c370bd417fe593
                                                                                        • Opcode Fuzzy Hash: 5b0864b3da604e01e63c78aa44f352b53b03ea585bbaf5170f27865c9f40d313
                                                                                        • Instruction Fuzzy Hash: 4951C1B29106069BC710CFA9CD84A9E73B4BB48368F248269E818D7B50F735EE47C791
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E7E4
                                                                                        • PyList_AsTuple.PYTHON27(?), ref: 6CD2E80E
                                                                                          • Part of subcall function 6CD5C3D0: PyTuple_New.PYTHON27(?), ref: 6CD5C3F1
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CD2E81D
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2E7DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_IterList_Object_StringTupleTuple_
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 2917739512-2212441169
                                                                                        • Opcode ID: 1be0b2dd3ef30a90b7eb06a3aef50b9fb7abbbc0e23080223b2749bea3b0ee3c
                                                                                        • Instruction ID: 0f08b68fe02880b0557d972bbbf6ecfd1dd79a7767daee700abcbdd6e7aba30d
                                                                                        • Opcode Fuzzy Hash: 1be0b2dd3ef30a90b7eb06a3aef50b9fb7abbbc0e23080223b2749bea3b0ee3c
                                                                                        • Instruction Fuzzy Hash: AF51E476E005109BC710CBB4D8408DAB3B8EB8533DB240365EE5887B61E739EA55D7E1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(__class__,?,?,?,?,6CD2FC7B,?), ref: 6CD2F9A7
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD2F9BA
                                                                                        • PyClass_IsSubclass.PYTHON27(?,?,?,?,?,?,?,6CD2FC7B,?), ref: 6CD2F9F7
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?,?,?,?,?,6CD2FC7B,?), ref: 6CD2FA1A
                                                                                        • PyObject_GetAttr.PYTHON27(?,?), ref: 6CD2FA2A
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD2FA38
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD2FA6A
                                                                                        • PyObject_GetAttr.PYTHON27(?,?), ref: 6CD2FAB1
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD2FABF
                                                                                        Strings
                                                                                        • isinstance() arg 2 must be a class, type, or tuple of classes and types, xrefs: 6CD2FA8E
                                                                                        • __class__, xrefs: 6CD2F9A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AttrClearErr_Object_String_SubtypeType_$Class_FromInternPlaceStringSubclass
                                                                                        • String ID: __class__$isinstance() arg 2 must be a class, type, or tuple of classes and types
                                                                                        • API String ID: 4175812343-2868327839
                                                                                        • Opcode ID: 1a0f46822057795940e87a01aced50c06e0ebd7dded20884379f2f26a4d19c9b
                                                                                        • Instruction ID: 40369324b501677586d462fe984b114147590998f43eaefb658dec3568d7b11f
                                                                                        • Opcode Fuzzy Hash: 1a0f46822057795940e87a01aced50c06e0ebd7dded20884379f2f26a4d19c9b
                                                                                        • Instruction Fuzzy Hash: 3441E577B01110978B10DB69AC819EAB3A9DB8527DB180779EE1CC7B50E73ADC1583F1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,000003B2), ref: 6CD5E178
                                                                                        • PyInt_AsLong.PYTHON27(?), ref: 6CD5E1A7
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5E172
                                                                                        • an integer is required, xrefs: 6CD5E273
                                                                                        • ..\Objects\longobject.c, xrefs: 6CD5E16D
                                                                                        • integer conversion failed, xrefs: 6CD5E253
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FormatInt_Long
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\longobject.c$an integer is required$integer conversion failed
                                                                                        • API String ID: 651860925-798106294
                                                                                        • Opcode ID: ebe727fc7ab66462498792ccdc3a9f7ea451cd789cf2d59fec4cea993f81f459
                                                                                        • Instruction ID: c06a2f886fe908f2779dc37a123c464c7cf1e0325d54bc734bddc19a7c00172a
                                                                                        • Opcode Fuzzy Hash: ebe727fc7ab66462498792ccdc3a9f7ea451cd789cf2d59fec4cea993f81f459
                                                                                        • Instruction Fuzzy Hash: 49412B76F0110057D610EBA9AC41E977399DB84234F64477AFD28C7BD0EA26D82682E2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                        • PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s expected %s%zd arguments, got %zd,00000002,6CDEAF8E,6CDEAF8E,?), ref: 6CDC5E0F
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,unpacked tuple should have %s%zd elements, but has %zd,6CDEAF8E,6CDEAF8E,?), ref: 6CDC5E38
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s expected %s%zd arguments, got %zd,00000002,6CDEAF8E,6CDEAF8E,?), ref: 6CDC5E74
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,unpacked tuple should have %s%zd elements, but has %zd,6CDEAF8E,6CDEAF8E,?), ref: 6CDC5EA0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_$Format$FromObjectStringString_
                                                                                        • String ID: %s expected %s%zd arguments, got %zd$PyArg_UnpackTuple() argument list is not a tuple$at least $at most $unpacked tuple should have %s%zd elements, but has %zd
                                                                                        • API String ID: 542344229-3688193887
                                                                                        • Opcode ID: 58adf8f8d2edb9cf42bbde801b3cc26aa6c68a7009889fc879fe7e260e80a600
                                                                                        • Instruction ID: 746fae361221095029275fbbf7f5d8d1edf9d2d1cc41f52f943f586eb7357229
                                                                                        • Opcode Fuzzy Hash: 58adf8f8d2edb9cf42bbde801b3cc26aa6c68a7009889fc879fe7e260e80a600
                                                                                        • Instruction Fuzzy Hash: B5411676B05104AFDA00DF58EC419AB73BCDB95368B208669FC18DBB10FA21FC1197E2
                                                                                        Strings
                                                                                        • PyCapsule_Import "%s" is not valid, xrefs: 6CD3958A
                                                                                        • PyCapsule_Import could not import module "%s", xrefs: 6CD39570
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: PyCapsule_Import "%s" is not valid$PyCapsule_Import could not import module "%s"
                                                                                        • API String ID: 0-4167395026
                                                                                        • Opcode ID: ab5ec09ebda6bc43411bf7b37731fd3d95acf1e1519cb8c87bcaed2688f7fd04
                                                                                        • Instruction ID: ac1bf5f60a873c5e4b7a7fa7d24f108251938f6d47cfdfec5a2e03f3d115c076
                                                                                        • Opcode Fuzzy Hash: ab5ec09ebda6bc43411bf7b37731fd3d95acf1e1519cb8c87bcaed2688f7fd04
                                                                                        • Instruction Fuzzy Hash: D44128B6A016219BC7119F74D88089F77B89F86768B145218ED2C87B60EF32D985C7E1
                                                                                        APIs
                                                                                        • PyOS_snprintf.PYTHON27(?,00000200,%.200s() ,?,?,?), ref: 6CDC3993
                                                                                        • PyOS_snprintf.PYTHON27(?,?,argument %d,?,?,?), ref: 6CDC39C1
                                                                                        • PyOS_snprintf.PYTHON27(?,?,, item %d,?,?,?,?,?), ref: 6CDC3A08
                                                                                        • PyOS_snprintf.PYTHON27(?,?,argument,?,?), ref: 6CDC3A35
                                                                                        • PyOS_snprintf.PYTHON27(?,?, %.256s,?,?,?,?), ref: 6CDC3A60
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,6CDC59A9,?,?), ref: 6CDC3A75
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: S_snprintf$Err_String
                                                                                        • String ID: %.256s$%.200s() $, item %d$argument$argument %d
                                                                                        • API String ID: 2015450010-3294918661
                                                                                        • Opcode ID: f8bfebddaf49da53cdbcff0a2c5c7d79561dbbeb8312e22f9c9a60eeaa86bba2
                                                                                        • Instruction ID: 4333852cd83fe407fa9d295bfc54d5cbbf541c4fd7444abf11030c271fda117e
                                                                                        • Opcode Fuzzy Hash: f8bfebddaf49da53cdbcff0a2c5c7d79561dbbeb8312e22f9c9a60eeaa86bba2
                                                                                        • Instruction Fuzzy Hash: D5410176B001199FC701CF68CD98AEA37BD9B85308F148690E858D7A25EB30DB09C7D2
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: strchrstrncpy$FileModuleName$_stat64i32getenv
                                                                                        • String ID: PATH
                                                                                        • API String ID: 2662838222-1036084923
                                                                                        • Opcode ID: b4646b96b2b7bcd30f071a1c1429ae56e3be581cdfd72b8a497a90731fd3b05d
                                                                                        • Instruction ID: afdf1d03a6965aa83ff2f51a2ef454cb940d8c758058b8238efe7354a7975587
                                                                                        • Opcode Fuzzy Hash: b4646b96b2b7bcd30f071a1c1429ae56e3be581cdfd72b8a497a90731fd3b05d
                                                                                        • Instruction Fuzzy Hash: 3B318931B05341ABE71067E58C00B47BB788F463D9F150125FD6EA7A40EA2AFC1586EA
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__dict__), ref: 6CCA46CF
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA46DD
                                                                                        • PySequence_List.PYTHON27(?), ref: 6CCA46E3
                                                                                        • Py_BuildValue.PYTHON27(O(O),?,00000000), ref: 6CCA4723
                                                                                        • Py_BuildValue.PYTHON27(O(On),?,00000000,?), ref: 6CCA473A
                                                                                        • Py_BuildValue.PYTHON27(O(On)O,?,00000000,?,00000000), ref: 6CCA4768
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: BuildValue$AttrClearErr_ListObject_Sequence_String
                                                                                        • String ID: O(O)$O(OO)O$O(On)$O(On)O$__dict__
                                                                                        • API String ID: 2089117489-2102791102
                                                                                        • Opcode ID: 695f319ce6a0fee8697922a1c629e0daa2b435fe1ddc18507f35daf706a756bb
                                                                                        • Instruction ID: d53f21d4c89b50f44bfc8a5089d7b07ea0032016e5e86793b8829eaaa7598770
                                                                                        • Opcode Fuzzy Hash: 695f319ce6a0fee8697922a1c629e0daa2b435fe1ddc18507f35daf706a756bb
                                                                                        • Instruction Fuzzy Hash: D32195B65045036B9200D7A99C85CA773BDAA863787144724F529C7B90FB25EC07CBF2
                                                                                        APIs
                                                                                        • Py_InitModule4.PYTHON27(_collections,00000000,High performance data structures.- deque: ordered collection accessible from endpoints only- defaultdict: dict subclass with a default value factory,00000000,000003F5), ref: 6CCA57C4
                                                                                        • PyType_Ready.PYTHON27(6CF0FF60), ref: 6CCA57D7
                                                                                        • PyModule_AddObject.PYTHON27(00000000,deque,6CF0FF60), ref: 6CCA57F4
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        • PyType_Ready.PYTHON27(6CF104E8,00000000,deque,6CF0FF60), ref: 6CCA5808
                                                                                        • PyModule_AddObject.PYTHON27(00000000,defaultdict,6CF104E8), ref: 6CCA5825
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs non-NULL value,00000000,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCECCB
                                                                                        • PyType_Ready.PYTHON27(6CF10080,00000000,defaultdict,6CF104E8), ref: 6CCA582F
                                                                                        • PyType_Ready.PYTHON27(6CF10148), ref: 6CCA5840
                                                                                        Strings
                                                                                        • defaultdict, xrefs: 6CCA581F
                                                                                        • High performance data structures.- deque: ordered collection accessible from endpoints only- defaultdict: dict subclass with a default value factory, xrefs: 6CCA57B8
                                                                                        • _collections, xrefs: 6CCA57BF
                                                                                        • deque, xrefs: 6CCA57EE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type_$Ready$Err_Module_ObjectString$InitModule4Subtype
                                                                                        • String ID: High performance data structures.- deque: ordered collection accessible from endpoints only- defaultdict: dict subclass with a default value factory$_collections$defaultdict$deque
                                                                                        • API String ID: 1447583621-1048529482
                                                                                        • Opcode ID: f025a19b9725e23aac9b82b9ea0d91d858e292ab956eb1c3fc817007d0f532eb
                                                                                        • Instruction ID: a941aee1fa753a617b8b72ec5f956e2d5f7d4a21a92bac74ff5cf80e57719b17
                                                                                        • Opcode Fuzzy Hash: f025a19b9725e23aac9b82b9ea0d91d858e292ab956eb1c3fc817007d0f532eb
                                                                                        • Instruction Fuzzy Hash: ECF02B71F8165133F6B023A81C07FA931288B1250DF100816FC1861F72FB65A53986BF
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD2C6E0
                                                                                        • PyNumber_CoerceEx.PYTHON27(00000000,?), ref: 6CD2C805
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,number coercion failed), ref: 6CD2C85F
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,unsupported operand type(s) for ** or pow(): '%.100s' and '%.100s',?,?), ref: 6CD2C895
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,unsupported operand type(s) for pow(): '%.100s', '%.100s', '%.100s',?,?,?), ref: 6CD2C9E9
                                                                                        Strings
                                                                                        • number coercion failed, xrefs: 6CD2C859
                                                                                        • unsupported operand type(s) for pow(): '%.100s', '%.100s', '%.100s', xrefs: 6CD2C9E3
                                                                                        • unsupported operand type(s) for ** or pow(): '%.100s' and '%.100s', xrefs: 6CD2C88F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Format$CoerceNumber_StringSubtypeType_
                                                                                        • String ID: number coercion failed$unsupported operand type(s) for ** or pow(): '%.100s' and '%.100s'$unsupported operand type(s) for pow(): '%.100s', '%.100s', '%.100s'
                                                                                        • API String ID: 3280144513-1853844853
                                                                                        • Opcode ID: ab11b0a66a2dcf65b883111c7e98c377d02877674b8afa4cb3ee8592ab8a2238
                                                                                        • Instruction ID: 565241e72cef855118997ce108d6736dfb3e040eccb0cd3aa9de8e05a3828a6d
                                                                                        • Opcode Fuzzy Hash: ab11b0a66a2dcf65b883111c7e98c377d02877674b8afa4cb3ee8592ab8a2238
                                                                                        • Instruction Fuzzy Hash: 57C1B475A00105DFEB00EF54C880E9AB7B5FF88328F258658ED199B761D739ED42DBA0
                                                                                        APIs
                                                                                        • PyString_AsStringAndSize.PYTHON27(00000000,?,?), ref: 6CD7558E
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,string too large in _PyString_FormatLong), ref: 6CD755B1
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CD756AE
                                                                                        • memset.MSVCR90 ref: 6CD75714
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$SizeString_$Err_Frommemset
                                                                                        • String ID: %%%c format: invalid result of __%s__ (type=%.200s)$(Vl$X$hl$string too large in _PyString_FormatLong
                                                                                        • API String ID: 2702482383-2714406870
                                                                                        • Opcode ID: 89002370f74e5462128f0f6d967157e1a972cd65d77f2793d13951a0cac28cb1
                                                                                        • Instruction ID: 4472dba1712ac9b3976403a70f961dd51d35e0a7c7396d9ce5faeaf803b1b55d
                                                                                        • Opcode Fuzzy Hash: 89002370f74e5462128f0f6d967157e1a972cd65d77f2793d13951a0cac28cb1
                                                                                        • Instruction Fuzzy Hash: F2A11AB5E04206DFDB14CFA8C880AAEB7B5BF45318F28429DD81457B61E735DD06CBA2
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,OOOO,?,?,?,?), ref: 6CCA7EF9
                                                                                        • PyCallable_Check.PYTHON27(?), ref: 6CCA7F0E
                                                                                          • Part of subcall function 6CD67170: PyObject_GetAttrString.PYTHON27(6CD2F42C,__call__,?,6CD2F42C,00000000), ref: 6CD6718B
                                                                                          • Part of subcall function 6CD67170: PyErr_Clear.PYTHON27(6CD2F42C,00000000), ref: 6CD67197
                                                                                        • PySequence_Tuple.PYTHON27(?), ref: 6CCA7F54
                                                                                        • PyDict_New.PYTHON27 ref: 6CCA7F7A
                                                                                        • PyDict_Copy.PYTHON27(?), ref: 6CCA7F8F
                                                                                          • Part of subcall function 6CD466F0: PyDict_New.PYTHON27 ref: 6CD4670B
                                                                                          • Part of subcall function 6CD466F0: PyDict_Merge.PYTHON27(00000000,?,00000001), ref: 6CD4671A
                                                                                        • PyString_FromString.PYTHON27(invalid partial state), ref: 6CCA8079
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,invalid partial state), ref: 6CCA8082
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_$Err_StringTuple$Arg_AttrCallable_CheckClearCopyFromMergeObjectObject_ParseSequence_String_
                                                                                        • String ID: (}l$OOOO$invalid partial state
                                                                                        • API String ID: 632166634-1679672746
                                                                                        • Opcode ID: a4ae34ca4801b12cade7a1370ee9c918b2a2cc4528c55ee6b45e4cac71861b5c
                                                                                        • Instruction ID: 4974abf9fcd002884dd5a66d6e65b8c31b269c964a0209bc8133a65244e0b11b
                                                                                        • Opcode Fuzzy Hash: a4ae34ca4801b12cade7a1370ee9c918b2a2cc4528c55ee6b45e4cac71861b5c
                                                                                        • Instruction Fuzzy Hash: F25192719043029FC300DF95D845D5A73F4FB89324F248A6DE8698BBA1E735E947CB92
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(string is too large to make repr), ref: 6CD70014
                                                                                        • PyErr_SetObject.PYTHON27(6CEE63F8,00000000,string is too large to make repr), ref: 6CD7001D
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CD7004D
                                                                                        • memchr.MSVCR90 ref: 6CD7007D
                                                                                        • memchr.MSVCR90 ref: 6CD7008D
                                                                                        • _PyString_Resize.PYTHON27(?,00000002), ref: 6CD70144
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$FromStringmemchr$Err_ObjectResizeSize
                                                                                        • String ID: "$\x%02x$string is too large to make repr
                                                                                        • API String ID: 2120926971-3051697336
                                                                                        • Opcode ID: c68daa85cdb7b6a87b0db6783dc4cb67983799a26cc14417164a4c844a552ed8
                                                                                        • Instruction ID: b2f432fa18d1491e7d9d397de7e6f410f13bf1a8dfcf287f536d4265b6aa59f3
                                                                                        • Opcode Fuzzy Hash: c68daa85cdb7b6a87b0db6783dc4cb67983799a26cc14417164a4c844a552ed8
                                                                                        • Instruction Fuzzy Hash: 7D4129315082C1DBD7208F28D84475BBBE4AF86368F14495EECD987B92D376A44AC7F2
                                                                                        APIs
                                                                                        • PyDict_New.PYTHON27 ref: 6CD67E8E
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD67EA0
                                                                                        • PyString_FromString.PYTHON27(Py_Repr), ref: 6CD67EBB
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000), ref: 6CD67ECB
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CD67F15
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD67F4F
                                                                                        • PyDict_SetItemString.PYTHON27(?,Py_Repr,00000000), ref: 6CD67F81
                                                                                        • PyList_Append.PYTHON27(-000000FF,000000FE), ref: 6CD67FBE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_String$FromItemString_$AppendClearErr_ErrorFatalList_MallocObject_
                                                                                        • String ID: GC object already tracked$Py_Repr
                                                                                        • API String ID: 2081235056-2690712102
                                                                                        • Opcode ID: 1bce28a4e745b894ba5713b9498f0df354f011fd2269115f545f06e076b1c8e6
                                                                                        • Instruction ID: 85c5f8d61bead2cdbd838acbb4b4216406dd6cbb45a5010267a3b0a1ee3f6591
                                                                                        • Opcode Fuzzy Hash: 1bce28a4e745b894ba5713b9498f0df354f011fd2269115f545f06e076b1c8e6
                                                                                        • Instruction Fuzzy Hash: 794148B2A005059BC720CF6AD840956B3F4FB85338B314729E52887FA1E732E886C7E0
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__dict__,00000000,00000000), ref: 6CD671E2
                                                                                        • PyErr_Clear.PYTHON27(00000000), ref: 6CD671F0
                                                                                        • PyDict_Merge.PYTHON27(?,00000000,00000001,00000000), ref: 6CD671FE
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__bases__,?,?,?,00000000), ref: 6CD67227
                                                                                        • PyErr_Clear.PYTHON27(?,?,?,?,?,00000000), ref: 6CD67235
                                                                                        • PySequence_Size.PYTHON27(00000000,?,?,?,?,?,00000000), ref: 6CD67244
                                                                                          • Part of subcall function 6CD2DF70: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2DF90
                                                                                        • PyErr_Clear.PYTHON27(?,?,?,?,?,?,00000000), ref: 6CD67253
                                                                                        • PySequence_GetItem.PYTHON27(00000000,00000000,?,?,?,?,?,?,00000000), ref: 6CD6727A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ClearString$AttrObject_Sequence_$Dict_ItemMergeSize
                                                                                        • String ID: __bases__$__dict__
                                                                                        • API String ID: 3363665311-2230943850
                                                                                        • Opcode ID: aa98cf90e415cf39b02b1e8558d79f250e87414e3d4e96d3345d73efe8bbe851
                                                                                        • Instruction ID: 0bfeeb3c17574d5a29f4b36448a94d47a9c97cafc5aafd53c68ed7cf297792a8
                                                                                        • Opcode Fuzzy Hash: aa98cf90e415cf39b02b1e8558d79f250e87414e3d4e96d3345d73efe8bbe851
                                                                                        • Instruction Fuzzy Hash: 73312C76900105A7C7009BB6AC408CF73A4AF85339F250365F92C47F90EB35E956C6E2
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,s:strxfrm,?), ref: 6CCAFD21
                                                                                        • malloc.MSVCR90 ref: 6CCAFD59
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCAFD68
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Arg_Err_MemoryParseTuplemalloc
                                                                                        • String ID: s:strxfrm
                                                                                        • API String ID: 4029166403-969976757
                                                                                        • Opcode ID: 740d45c49e29d7c5d7d4677823790419a3d3b135fb6f7a49ac5ffa6497be8573
                                                                                        • Instruction ID: 7dd518cdf814d2429ec8215b9e7087bd70381edf6454d2003707da608d10b635
                                                                                        • Opcode Fuzzy Hash: 740d45c49e29d7c5d7d4677823790419a3d3b135fb6f7a49ac5ffa6497be8573
                                                                                        • Instruction Fuzzy Hash: EF11D832F041176B97129BE56C489DE77BCCF8636DB1403A5FD0C97B00E632891A43E1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs non-NULL value,00000000,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCECCB
                                                                                        • PyModule_GetDict.PYTHON27(?,00000000,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCECDB
                                                                                        • PyModule_GetName.PYTHON27(?,6CF0FF60), ref: 6CDCECE8
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,module '%s' has no __dict__,00000000,?,6CF0FF60), ref: 6CDCECF9
                                                                                        Strings
                                                                                        • module '%s' has no __dict__, xrefs: 6CDCECF3
                                                                                        • PyModule_AddObject() needs non-NULL value, xrefs: 6CDCECC5
                                                                                        • PyModule_AddObject() needs module as first arg, xrefs: 6CDCEC98
                                                                                        Similarity
                                                                                        • API ID: Err_$Module_String$DictFormatNameSubtypeType_
                                                                                        • String ID: PyModule_AddObject() needs module as first arg$PyModule_AddObject() needs non-NULL value$module '%s' has no __dict__
                                                                                        • API String ID: 1633787680-2614671564
                                                                                        • Opcode ID: ec6be3bd3e7c5b10203d5c806025bddf3b19d290eb95c3fd3fd9c905b37f56c9
                                                                                        • Instruction ID: b8db472ce3fb33b3030ef0e19cbe0a3c210270cc2b7afff0434812d7d0ff2198
                                                                                        • Opcode Fuzzy Hash: ec6be3bd3e7c5b10203d5c806025bddf3b19d290eb95c3fd3fd9c905b37f56c9
                                                                                        • Instruction Fuzzy Hash: FD11D3BAF00105A7C60197AEBC4199A337C9F8137D7244B25F92CC7FA1E739E45686E2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(null,?,?,6CCAE6AF,-00000010,00000000,?,?,?,6CCAE1B8,000000FE,00000000,?,?), ref: 6CCAE1F9
                                                                                        • PyString_InternInPlace.PYTHON27(?,?), ref: 6CCAE20C
                                                                                        • PyString_InternFromString.PYTHON27(true,?,?,6CCAE6AF,-00000010,00000000,?,?,?,6CCAE1B8,000000FE,00000000,?,?), ref: 6CCAE23B
                                                                                        • PyString_InternFromString.PYTHON27(false,?,?,6CCAE6AF,-00000010,00000000,?,?,?,6CCAE1B8,000000FE,00000000,?,?), ref: 6CCAE267
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,not a const,?,?,6CCAE6AF,-00000010,00000000,?,?,?,6CCAE1B8,000000FE,00000000,?,?), ref: 6CCAE28A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: StringString_$FromIntern$Err_Place
                                                                                        • String ID: false$not a const$null$true$cl
                                                                                        • API String ID: 2245657807-624960602
                                                                                        • Opcode ID: 775ee2b8148ea32c219a7d709bb3041bc605191bf8a93cd836dc6ca010c93491
                                                                                        • Instruction ID: f80ba0b2968b566e525db0d073cc70445610ccf7bc3fe180222a49ed47a5728d
                                                                                        • Opcode Fuzzy Hash: 775ee2b8148ea32c219a7d709bb3041bc605191bf8a93cd836dc6ca010c93491
                                                                                        • Instruction Fuzzy Hash: 32110AB1F102075BAB00CFE5A885A1A3778A749358714076CDC08CBF11FB36E62592E2
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func$abortfflushfprintf
                                                                                        • String ID: Fatal Python error: $Fatal Python error: %s
                                                                                        • API String ID: 3980557677-2081719472
                                                                                        • Opcode ID: a4294548307d98e5cf4260f45dfb2bfef21b4c9dc5970655e7d578a15a8e7f18
                                                                                        • Instruction ID: 63ad70e3d4221ad1286104bf87ff5a3c651347f95032af8d7df1eb03d92fa856
                                                                                        • Opcode Fuzzy Hash: a4294548307d98e5cf4260f45dfb2bfef21b4c9dc5970655e7d578a15a8e7f18
                                                                                        • Instruction Fuzzy Hash: 32010832A0011AABDB009B79CC548AF7FBCEF0E2543540455E94AE7310DE30E9048BE0
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: strchr$strncmp
                                                                                        • String ID: +TD$btcnSR$ccs$rwa$!l$!l
                                                                                        • API String ID: 2197385779-395516359
                                                                                        • Opcode ID: 5c9e23ff61e82936f18750abf829f39d483566732eee5f18ebf86ed8576c588e
                                                                                        • Instruction ID: 6aed4bef6e9a3391a2928629805e49dd2e0c28a555abc9249f1a7a054ffc8739
                                                                                        • Opcode Fuzzy Hash: 5c9e23ff61e82936f18750abf829f39d483566732eee5f18ebf86ed8576c588e
                                                                                        • Instruction Fuzzy Hash: FF419052904352BFF7206BB64C46369BFF49FD6389F28816DCFCAE6D61EB20454A8350
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _finite$_errno$_isnan$_hypot
                                                                                        • String ID:
                                                                                        • API String ID: 2539433571-0
                                                                                        • Opcode ID: 2feb6af50c87279cabbb9b0936ca9f19c7729385e45863e8f780c03ac2a8c63e
                                                                                        • Instruction ID: 080f145f27556190e64f72105a263f780d6f104f43e79eb4ba4d2b5534f21bf9
                                                                                        • Opcode Fuzzy Hash: 2feb6af50c87279cabbb9b0936ca9f19c7729385e45863e8f780c03ac2a8c63e
                                                                                        • Instruction Fuzzy Hash: 1C317E3160460AC7DB003F29FD0919EBFB8EF49256F4605A9EDC881160EF329878C7A6
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,000000F4), ref: 6CD5D67A
                                                                                        • PyInt_AsLong.PYTHON27(6CD571C0), ref: 6CD5D69A
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5D674
                                                                                        • an integer is required, xrefs: 6CD5D72B
                                                                                        • ..\Objects\longobject.c, xrefs: 6CD5D66F
                                                                                        • nb_int should return int object, xrefs: 6CD5D70D
                                                                                        Similarity
                                                                                        • API ID: Err_FormatInt_Long
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\longobject.c$an integer is required$nb_int should return int object
                                                                                        • API String ID: 651860925-140860544
                                                                                        • Opcode ID: 55182b4dd4487a125c165a917e504997a264b4eb06912ddcb237c2ad115af155
                                                                                        • Instruction ID: 4f6f9519decac89b0aeb3a6a2345e1e16a7d5e7f0c77e5ee037410125ef43950
                                                                                        • Opcode Fuzzy Hash: 55182b4dd4487a125c165a917e504997a264b4eb06912ddcb237c2ad115af155
                                                                                        • Instruction Fuzzy Hash: 0D51F9756046018FDE10EF69D94075AB3A4EB81338F64471AED7AC7BE0E731D826C7A1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "$"$Invalid \escape$Invalid \uXXXX escape$\$\
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(850C2444,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69C5B
                                                                                        • PyType_IsSubtype.PYTHON27(850C2444,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69C71
                                                                                        • PyDict_Size.PYTHON27(6CD3F060,?,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69C91
                                                                                        • _PyDict_Next.PYTHON27(6CD3F060,?,?,?,?,?,?,?,?,6CEDF440), ref: 6CD69CE0
                                                                                        • _PyDict_Next.PYTHON27(6CD3F060,?,?,?,?,?,?,?,?,?,?,?,?,?,6CEDF440), ref: 6CD69D20
                                                                                          • Part of subcall function 6CD68F50: PyErr_NoMemory.PYTHON27(6CD3F060,00000000,?,?,?,?,?,?,?,?,?,?,?,6CD6978E,00000000,850C2444), ref: 6CD68F70
                                                                                        • PyObject_GetIter.PYTHON27(6CD3F060,?,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69D34
                                                                                        • PyIter_Next.PYTHON27(00000000,?,?,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69D47
                                                                                        • PyIter_Next.PYTHON27(00000000,?,?,?,?,?,6CEDF440,?,?,?,?,?,?,6CD3F060,00000000), ref: 6CD69D75
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Next$Dict_$Iter_SubtypeType_$Err_IterMemoryObject_Size
                                                                                        • String ID: (}l
                                                                                        APIs
                                                                                        • PyTuple_New.PYTHON27(00000000,00000000,00000000,?), ref: 6CD7919A
                                                                                        • _PyObject_GC_Resize.PYTHON27(00000000,00000000,00000000,00000000,?), ref: 6CD7920E
                                                                                        • PyObject_GC_Del.PYTHON27(00000000,00000000,?), ref: 6CD79222
                                                                                        • memset.MSVCR90 ref: 6CD79250
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked,00000000,?), ref: 6CD7926B
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,0000034E,00000000,00000000,?), ref: 6CD792D0
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD79266
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD792C5
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD792CA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Object_$Err_ErrorFatalFormatResizeTuple_memset
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c$GC object already tracked
                                                                                        APIs
                                                                                        • PyObject_RichCompare.PYTHON27(?,?,00000002), ref: 6CCA3FEF
                                                                                        • PyString_FromString.PYTHON27(deque.remove(x): x not in deque), ref: 6CCA4071
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,deque.remove(x): x not in deque), ref: 6CCA407A
                                                                                        • PyString_FromString.PYTHON27(deque mutated during remove().), ref: 6CCA40AB
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,deque mutated during remove().), ref: 6CCA40B4
                                                                                          • Part of subcall function 6CCA3590: PyString_FromString.PYTHON27(pop from an empty deque), ref: 6CCA35AF
                                                                                          • Part of subcall function 6CCA3590: PyErr_SetObject.PYTHON27(6CEE5B38,00000000,pop from an empty deque), ref: 6CCA35B8
                                                                                          • Part of subcall function 6CCA3B50: memcpy.MSVCR90(?,?,00000000), ref: 6CCA3C06
                                                                                          • Part of subcall function 6CCA3B50: free.MSVCR90 ref: 6CCA3C43
                                                                                        Strings
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA40A0
                                                                                        • deque.remove(x): x not in deque, xrefs: 6CCA406C
                                                                                        • deque mutated during remove()., xrefs: 6CCA40A6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_$CompareObject_Richfreememcpy
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$deque mutated during remove().$deque.remove(x): x not in deque
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,?), ref: 6CD2F544
                                                                                        • PyCallable_Check.PYTHON27(00000000), ref: 6CD2F557
                                                                                          • Part of subcall function 6CD67170: PyObject_GetAttrString.PYTHON27(6CD2F42C,__call__,?,6CD2F42C,00000000), ref: 6CD6718B
                                                                                          • Part of subcall function 6CD67170: PyErr_Clear.PYTHON27(6CD2F42C,00000000), ref: 6CD67197
                                                                                        • _Py_VaBuildValue_SizeT.PYTHON27(?,?), ref: 6CD2F585
                                                                                          • Part of subcall function 6CD2AFD0: PyErr_Format.PYTHON27(6CEE48B0,00000000,?,?,6CD2B31B,sequence index must be integer, not '%.200s',?,00000000,?,?,6CD2EF3A), ref: 6CD2AFE5
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F635
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD2F5C8
                                                                                        • attribute of type '%.200s' is not callable, xrefs: 6CD2F563
                                                                                        • null argument to internal routine, xrefs: 6CD2F62F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_String$AttrObject_$BuildCallable_CheckClearFormatSizeValue_
                                                                                        • String ID: GC object already tracked$attribute of type '%.200s' is not callable$null argument to internal routine
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,i:getrandbits,?), ref: 6CCB1D13
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,number of bits must be greater than zero), ref: 6CCB1D32
                                                                                        • malloc.MSVCR90 ref: 6CCB1D6A
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCB1D79
                                                                                        • _PyLong_FromByteArray.PYTHON27(00000000,?,00000001,00000000), ref: 6CCB1DD9
                                                                                        • free.MSVCR90 ref: 6CCB1DE1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_$Arg_ArrayByteFromLong_MemoryParseStringTuplefreemalloc
                                                                                        • String ID: $i:getrandbits$number of bits must be greater than zero
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(None), ref: 6CCA5539
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FromStringString_
                                                                                        • String ID: ...$None$defaultdict(%s, %s)
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,can't convert negative value to unsigned long), ref: 6CD5D9F5
                                                                                        • PyInt_AsLong.PYTHON27(?), ref: 6CD5DA59
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,can't convert negative value to unsigned long), ref: 6CD5DA70
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,000001AA), ref: 6CD5DA97
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5DA91
                                                                                        • ..\Objects\longobject.c, xrefs: 6CD5DA8C
                                                                                        • can't convert negative value to unsigned long, xrefs: 6CD5D9EF, 6CD5DA6A
                                                                                        • long int too large to convert, xrefs: 6CD5DA3A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$String$FormatInt_Long
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\longobject.c$can't convert negative value to unsigned long$long int too large to convert
                                                                                        • API String ID: 851377888-2248287418
                                                                                        • Opcode ID: 43406d620dfbcfacbde1dbca1a3c3be5d5614b202f39d64f4bffbc35dfd1f248
                                                                                        • Instruction ID: 9d7c72069c8b22cb95bc7e71b03450a0a4affd897f25e31c46097ae6eabf51e3
                                                                                        • Opcode Fuzzy Hash: 43406d620dfbcfacbde1dbca1a3c3be5d5614b202f39d64f4bffbc35dfd1f248
                                                                                        • Instruction Fuzzy Hash: C921077AB19000078A109A7EAD80A567368DBD5679B240766FD28CBBE1FA31C46582E1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD50006
                                                                                        • PyObject_GetAttrString.PYTHON27(?,softspace), ref: 6CD5001D
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD5002B
                                                                                        • PyInt_AsLong.PYTHON27(00000000), ref: 6CD5003F
                                                                                        • PyInt_FromLong.PYTHON27(?), ref: 6CD5005E
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD5006C
                                                                                        • PyObject_SetAttrString.PYTHON27(?,softspace,00000000), ref: 6CD5007F
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD5008B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearErr_$AttrInt_LongObject_String$FromSubtypeType_
                                                                                        • String ID: softspace
                                                                                        • API String ID: 3854672287-2976471430
                                                                                        • Opcode ID: 983182f50ea54bbdce3ca57b24390d84fa02e7211b8253c0e5ee6b52ba4fe0d1
                                                                                        • Instruction ID: 57ab67e24e4979f114321bc3d3b3e9d46db36d30bfce365bc8aafdd661e7d1cf
                                                                                        • Opcode Fuzzy Hash: 983182f50ea54bbdce3ca57b24390d84fa02e7211b8253c0e5ee6b52ba4fe0d1
                                                                                        • Instruction Fuzzy Hash: D621C9766415415BCA105BA9AC809DBB3B89F412FCB244739E85C87F60D735F866C2E1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD651E7
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,bad argument type for built-in operation), ref: 6CD651FE
                                                                                        • PyString_FromString.PYTHON27(__name__), ref: 6CD65218
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000), ref: 6CD65228
                                                                                        • PyString_AsString.PYTHON27(00000000), ref: 6CD65254
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,nameless module), ref: 6CD6526C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Err_String_$Dict_FromItemSubtypeType_
                                                                                        • String ID: __name__$bad argument type for built-in operation$nameless module
                                                                                        • API String ID: 3592122911-3885832345
                                                                                        • Opcode ID: 1c6b7eae30224e289338db8531dc5eedc243772c45f901d401ca1635f32765ff
                                                                                        • Instruction ID: 7ac776bcf641d478e5b635e4849c45055ad006675d10c6a917b72f31bf4ef04f
                                                                                        • Opcode Fuzzy Hash: 1c6b7eae30224e289338db8531dc5eedc243772c45f901d401ca1635f32765ff
                                                                                        • Instruction Fuzzy Hash: FB11597AA4150457C6109BAAFC40A9B73B89F8426CF390528EC2C97F21F725F496C3E1
                                                                                        APIs
                                                                                        • PyOS_snprintf.PYTHON27(6CF22580,0000004C,%s%s%s, %.20s, %.9s,v2.7.18,6CE93E4C,8d21aa21f2,Apr 20 2020,13:19:08,6CCAA724,[MSC v.1500 32 bit (Intel)]), ref: 6CDE85DE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: S_snprintf
                                                                                        • String ID: %s%s%s, %.20s, %.9s$13:19:08$8d21aa21f2$Apr 20 2020$default$tags/v2.7.18^0$undefined$v2.7.18
                                                                                        • API String ID: 2260853251-2313236023
                                                                                        • Opcode ID: 04b9630669d5f9b68f4920dc1c0e9d3a443d47854bd6ad50a9010684c0e5408f
                                                                                        • Instruction ID: 0e30d3e15e4171b32887ad227687d2499536b46554b1ca2fefc312dc0789214a
                                                                                        • Opcode Fuzzy Hash: 04b9630669d5f9b68f4920dc1c0e9d3a443d47854bd6ad50a9010684c0e5408f
                                                                                        • Instruction Fuzzy Hash: E0F0964061824065D7024B7C0ED3B722E720B1E16CFA80A97E954BFFA2FA17C8488355
                                                                                        APIs
                                                                                        • PyType_Ready.PYTHON27(6CF0B7F8), ref: 6CCAF095
                                                                                        • PyType_Ready.PYTHON27(6CF0B8E8), ref: 6CCAF0A6
                                                                                        • Py_InitModule4.PYTHON27(_json,6CF0B9AC,json speedups,00000000,000003F5), ref: 6CCAF0C9
                                                                                        • PyModule_AddObject.PYTHON27(00000000,make_scanner,6CF0B7F8), ref: 6CCAF0E8
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        • PyModule_AddObject.PYTHON27(00000000,make_encoder,6CF0B8E8,00000000,make_scanner,6CF0B7F8), ref: 6CCAF0FE
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs non-NULL value,00000000,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCECCB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type_$Err_Module_ObjectReadyString$InitModule4Subtype
                                                                                        • String ID: _json$json speedups$make_encoder$make_scanner
                                                                                        • API String ID: 2050293671-368859247
                                                                                        • Opcode ID: 7f783580574e92821aed4aca6b30139a6a724809b0480b686458bc389e6beadd
                                                                                        • Instruction ID: 3e044cc608f85c161548ff92aec30f587dcf7e9afb914fa4e5fe4677b7494b35
                                                                                        • Opcode Fuzzy Hash: 7f783580574e92821aed4aca6b30139a6a724809b0480b686458bc389e6beadd
                                                                                        • Instruction Fuzzy Hash: BEF0E561F4151237E11033555C16FAA34A8AB41E4EF401C21FD14A5E32F722891A62FB
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCACEA7
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCACEE5
                                                                                        Strings
                                                                                        • Expecting ',' delimiter, xrefs: 6CCAD0B4
                                                                                        • GC object already tracked, xrefs: 6CCACEE0
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CCAD076
                                                                                        • Expecting object, xrefs: 6CCACF4A
                                                                                        • ..\Objects\listobject.c, xrefs: 6CCAD071
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalMallocObject_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c$Expecting ',' delimiter$Expecting object$GC object already tracked
                                                                                        • API String ID: 2067638752-3793139508
                                                                                        • Opcode ID: c82f1ab7f14eb3f0029edf7d5ae6c44d6188c5bdedc777965eb4e1e57b840258
                                                                                        • Instruction ID: 5bec8432ccd41725d5d879f6e90b7175a78a91f887011fccd14d982e94fbfe28
                                                                                        • Opcode Fuzzy Hash: c82f1ab7f14eb3f0029edf7d5ae6c44d6188c5bdedc777965eb4e1e57b840258
                                                                                        • Instruction Fuzzy Hash: EA61E9716002039BC710AF9DC84899AB7B1FB89318F60875AEC6447B55F736D887C7D2
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCACC40
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCACC7E
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCACC79
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CCACDE3
                                                                                        • Expecting object, xrefs: 6CCACCD2
                                                                                        • Expecting , delimiter, xrefs: 6CCACE1E
                                                                                        • ..\Objects\listobject.c, xrefs: 6CCACDDE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalMallocObject_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c$Expecting , delimiter$Expecting object$GC object already tracked
                                                                                        • API String ID: 2067638752-4064892806
                                                                                        • Opcode ID: 9db99d7f232ee815fd82a7e58a1601a7d90ef8e462bdc3542c68821ee417cda7
                                                                                        • Instruction ID: a70aef7aa08a991ed5ac91228382b9e127c39ea65b6f8e0a0bb7ef4f6e7accf3
                                                                                        • Opcode Fuzzy Hash: 9db99d7f232ee815fd82a7e58a1601a7d90ef8e462bdc3542c68821ee417cda7
                                                                                        • Instruction Fuzzy Hash: C361F371E046175BC720AF9CD488695B7B1BB4632CB20475AE8744BB80E337D997CBD2
                                                                                        APIs
                                                                                        • PyUnicodeUCS2_AsEncodedString.PYTHON27(?,00000000,00000000), ref: 6CD66C55
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,attribute name must be string, not '%.200s',?), ref: 6CD66C7B
                                                                                        • PyType_Ready.PYTHON27(?), ref: 6CD66C9C
                                                                                        • _PyType_Lookup.PYTHON27(?,?), ref: 6CD66CAE
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CD66D52
                                                                                        Strings
                                                                                        • attribute name must be string, not '%.200s', xrefs: 6CD66C75
                                                                                        • '%.50s' object has no attribute '%.400s', xrefs: 6CD66DE0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type_$Dict_EncodedErr_FormatItemLookupReadyStringUnicode
                                                                                        • String ID: '%.50s' object has no attribute '%.400s'$attribute name must be string, not '%.200s'
                                                                                        • API String ID: 2490400702-3798209010
                                                                                        APIs
                                                                                          • Part of subcall function 6CCA64F0: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA6560
                                                                                        • PyString_AsStringAndSize.PYTHON27(00000000,?,?), ref: 6CCA662A
                                                                                        • PyString_AsStringAndSize.PYTHON27(00000000,?,?), ref: 6CCA6656
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA66F7
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA6703
                                                                                        • PyErr_SetString.PYTHON27(00000000,unexpected end of data), ref: 6CCA673D
                                                                                        • PyErr_Format.PYTHON27(00000000,line contains NUL), ref: 6CCA6790
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$String$SizeString_$ClearErrorExceptionFatalFormatGivenMatches
                                                                                        • String ID: line contains NUL$unexpected end of data
                                                                                        • API String ID: 2960452433-1196342961
                                                                                        APIs
                                                                                        • PyErr_WarnEx.PYTHON27(6CEE6B30,__methods__ not supported in 3.x,00000001), ref: 6CD64E85
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD64EE7
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD64F55
                                                                                        • PyErr_SetObject.PYTHON27(6CEE55C0,00000000), ref: 6CD64F61
                                                                                        • PyCFunction_NewEx.PYTHON27(?,?,00000000), ref: 6CD64F8E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromStringString_$Function_ObjectWarn
                                                                                        • String ID: __doc__$__methods__$__methods__ not supported in 3.x
                                                                                        • API String ID: 2564561678-680540298
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,buffer has negative size), ref: 6CCB5D7C
                                                                                        Strings
                                                                                        • buffer size mismatch, xrefs: 6CCB5DB5
                                                                                        • buffer has negative size, xrefs: 6CCB5D76
                                                                                        • expected string or buffer, xrefs: 6CCB5DEA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: buffer has negative size$buffer size mismatch$expected string or buffer
                                                                                        • API String ID: 1450464846-3209885078
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__dir__,?,?,?,6CD677F7), ref: 6CD676B9
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE55C0), ref: 6CD676DB
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD676E7
                                                                                          • Part of subcall function 6CD674E0: PyDict_New.PYTHON27(?,6CEE9E88,?,6CD67758,?), ref: 6CD674E7
                                                                                          • Part of subcall function 6CD674E0: PyDict_Keys.PYTHON27(00000000), ref: 6CD67504
                                                                                        • PyType_IsSubtype.PYTHON27(6CEE9E88,?,?,?,?,?,?,?,?,?,6CD677F7), ref: 6CD67728
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(00000000,00000000,?,?,?,?,?,?,?,?,6CD677F7), ref: 6CD67773
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,__dir__() must return a list, not %.200s,?), ref: 6CD677B1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Dict_Object_$ArgsAttrCallClearExceptionFormatFunctionGivenKeysMatchesStringSubtypeType_
                                                                                        • String ID: __dir__$__dir__() must return a list, not %.200s
                                                                                        • API String ID: 875330717-2214674259
                                                                                        APIs
                                                                                        • PyLong_AsLong.PYTHON27(00000000), ref: 6CD57187
                                                                                        • PyString_FromString.PYTHON27(an integer is required,?,00000000,?,6CD572FD,00000000,?,6CD2D745,00000000,?,00000000), ref: 6CD5722C
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,?,00000000), ref: 6CD57238
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromLongLong_ObjectStringString_
                                                                                        • String ID: __int__ method should return an integer$an integer is required$xl
                                                                                        • API String ID: 3725047433-1984649802
                                                                                        APIs
                                                                                        • PyBuffer_IsContiguous.PYTHON27(?,?), ref: 6CD2BC87
                                                                                        • memcpy.MSVCR90(00000000,?,?), ref: 6CD2BC9E
                                                                                        • malloc.MSVCR90 ref: 6CD2BCC4
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CD2BCD3
                                                                                        • PyBuffer_GetPointer.PYTHON27(?,00000000,?,?,?,?), ref: 6CD2BD2D
                                                                                        • memcpy.MSVCR90(00000000), ref: 6CD2BD36
                                                                                        • free.MSVCR90 ref: 6CD2BD54
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Buffer_memcpy$ContiguousErr_MemoryPointerfreemalloc
                                                                                        • String ID: F
                                                                                        • API String ID: 574524102-1304234792
                                                                                        APIs
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000000,00000001,00000000,?,6CD00E50,?,00000000,00000000), ref: 6CDB29E8
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked,00000000,00000000), ref: 6CDB2A12
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,argument list must be a tuple), ref: 6CDB2A56
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,keyword list must be a dictionary), ref: 6CDB2A87
                                                                                        • PyObject_Call.PYTHON27(00000000,?,6CD00E50), ref: 6CDB2AAE
                                                                                          • Part of subcall function 6CD2F070: _Py_CheckRecursiveCall.PYTHON27( while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F0A5
                                                                                          • Part of subcall function 6CD2F070: PyErr_SetString.PYTHON27(6CEE65C8,NULL result without error in PyObject_Call,?,00000000,00000000), ref: 6CD2F0E4
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CDB2A0D
                                                                                        • keyword list must be a dictionary, xrefs: 6CDB2A81
                                                                                        • argument list must be a tuple, xrefs: 6CDB2A50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$CallObject_$CheckErrorFatalRecursive
                                                                                        • String ID: GC object already tracked$argument list must be a tuple$keyword list must be a dictionary
                                                                                        • API String ID: 1239886332-4171008509
                                                                                        • Opcode ID: 50f45a9a06b673cb4831e56de47f0a02f85fa7f629d46d8285bf3f4ca2d0b0ba
                                                                                        • Instruction ID: 4d345bfae52a30cd9ffbca7a3adccabcba3d7d970aa5cc41106050442e47c05c
                                                                                        • Opcode Fuzzy Hash: 50f45a9a06b673cb4831e56de47f0a02f85fa7f629d46d8285bf3f4ca2d0b0ba
                                                                                        • Instruction Fuzzy Hash: 4B3137B3B002019FC720CF68DC85A56B3B4FB46728B214759DC6AA7B90E731E816C7E0
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\stringobject.c,00000330,00000002,?,?,6CD6DC88,?,?,?), ref: 6CD6DCC4
                                                                                        • PyUnicodeUCS2_AsEncodedString.PYTHON27(?,?,?,00000002,?,?,6CD6DC88,?,?,?), ref: 6CD6DCF6
                                                                                        Strings
                                                                                        • expected string or Unicode object, %.200s found, xrefs: 6CD6DD1E
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6DCBE
                                                                                        • expected string without null bytes, xrefs: 6CD6DD65
                                                                                        • ..\Objects\stringobject.c, xrefs: 6CD6DCB9
                                                                                        Similarity
                                                                                        • API ID: EncodedErr_FormatStringUnicode
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\stringobject.c$expected string or Unicode object, %.200s found$expected string without null bytes
                                                                                        • API String ID: 954898053-3818547146
                                                                                        • Opcode ID: 2de56d25a287db28432cba0eb126d97f65b09a888e1f9e6731aac8827f55f263
                                                                                        • Instruction ID: cd0f0e52f1eb619a8ab5ee27612d9fd1ecb1235b278b94a67fedf76196fd0795
                                                                                        • Opcode Fuzzy Hash: 2de56d25a287db28432cba0eb126d97f65b09a888e1f9e6731aac8827f55f263
                                                                                        • Instruction Fuzzy Hash: A121E5767156055BD610DF6EFC409A673B8DB85338F244B6AEC28C7FA0EA21E415CAE0
                                                                                        APIs
                                                                                        • PyNumber_AsSsize_t.PYTHON27(?,6CEE5B38), ref: 6CD2B4C5
                                                                                        • PySequence_DelItem.PYTHON27(?,00000000), ref: 6CD2B4E0
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2B53F
                                                                                        Strings
                                                                                        • sequence index must be integer, not '%.200s', xrefs: 6CD2B4F3
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD2B4BD
                                                                                        • null argument to internal routine, xrefs: 6CD2B539
                                                                                        • '%.200s' object does not support item deletion, xrefs: 6CD2B512
                                                                                        Similarity
                                                                                        • API ID: Err_ItemNumber_Sequence_Ssize_tString
                                                                                        • String ID: '%.200s' object does not support item deletion$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$null argument to internal routine$sequence index must be integer, not '%.200s'
                                                                                        • API String ID: 3718473444-156722486
                                                                                        • Opcode ID: 31e7abe22a95685b2987e023d9f832bc41dc924ecca13211e5d6ba4f0906fed6
                                                                                        • Instruction ID: d0ec6246fc604b2280e40689b629df2f8f3e09fda97de88b9149be997761f3eb
                                                                                        • Opcode Fuzzy Hash: 31e7abe22a95685b2987e023d9f832bc41dc924ecca13211e5d6ba4f0906fed6
                                                                                        • Instruction Fuzzy Hash: DB21A676701201ABE7048B55FCC0B667368EF4433DF244629EA2E4BEE1D77AE495C6A0
                                                                                        APIs
                                                                                        • PyFrame_FastToLocals.PYTHON27(00000000), ref: 6CD6743E
                                                                                          • Part of subcall function 6CD55510: PyDict_New.PYTHON27 ref: 6CD5552F
                                                                                          • Part of subcall function 6CD55510: PyErr_Clear.PYTHON27 ref: 6CD5553E
                                                                                        • PyString_FromString.PYTHON27(frame does not exist), ref: 6CD67458
                                                                                        • PyErr_SetObject.PYTHON27(6CEE65C8,00000000,frame does not exist), ref: 6CD67461
                                                                                        • PyObject_CallMethod.PYTHON27(?,keys,00000000), ref: 6CD6748E
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,dir(): expected keys() of locals to be a list, not '%.200s',?), ref: 6CD674B7
                                                                                        Strings
                                                                                        • keys, xrefs: 6CD67488
                                                                                        • frame does not exist, xrefs: 6CD67453
                                                                                        • dir(): expected keys() of locals to be a list, not '%.200s', xrefs: 6CD674B1
                                                                                        Similarity
                                                                                        • API ID: Err_$CallClearDict_FastFormatFrame_FromLocalsMethodObjectObject_StringString_
                                                                                        • String ID: dir(): expected keys() of locals to be a list, not '%.200s'$frame does not exist$keys
                                                                                        • API String ID: 29291870-2405348499
                                                                                        • Opcode ID: 18aa08123f3e91d1368601d16cabbe1bc777bceeaf6259f29d7fc197077ccd0c
                                                                                        • Instruction ID: f92f5df444bcdb681a74e9382f4bead8bfec9103d828fad061979a177d289d3d
                                                                                        • Opcode Fuzzy Hash: 18aa08123f3e91d1368601d16cabbe1bc777bceeaf6259f29d7fc197077ccd0c
                                                                                        • Instruction Fuzzy Hash: C9112B72F019246BC2209799AC049DB73A8DF41734F250759EC5857F60E725FD15C7D2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(json.decoder), ref: 6CCAB473
                                                                                        • PyImport_Import.PYTHON27(00000000), ref: 6CCAB486
                                                                                        • PyObject_GetAttrString.PYTHON27(00000000,errmsg), ref: 6CCAB4AB
                                                                                        • PyObject_CallFunction.PYTHON27(?,(zOO&),?,?,Function_0000ADF0,?), ref: 6CCAB4E9
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000), ref: 6CCAB4FF
                                                                                        Similarity
                                                                                        • API ID: Object_String$AttrCallErr_FromFunctionImportImport_ObjectString_
                                                                                        • String ID: (zOO&)$errmsg$json.decoder
                                                                                        • API String ID: 3680976038-3043390446
                                                                                        • Opcode ID: 2f24ce62a16f8b2138d66f4886a73f8c6b3326c0d731ff25f95701d07549a1b6
                                                                                        • Instruction ID: 901614832730ba1e59ad4e8b76961096b4d1df3a1a2b6adc922048dbe2765665
                                                                                        • Opcode Fuzzy Hash: 2f24ce62a16f8b2138d66f4886a73f8c6b3326c0d731ff25f95701d07549a1b6
                                                                                        • Instruction Fuzzy Hash: DB11D2B29006076BC3149BA4DC59D9B73B8AF56738B154318E92847B91F728EE0687E1
                                                                                        APIs
                                                                                        • PyEval_SaveThread.PYTHON27(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CD4CDE2), ref: 6CD4C6F8
                                                                                          • Part of subcall function 6CDAE4E0: Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate,00000000,6CDC67DA,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE4FA
                                                                                          • Part of subcall function 6CDAE4E0: InterlockedDecrement.KERNEL32(?), ref: 6CDAE516
                                                                                          • Part of subcall function 6CDAE4E0: SetEvent.KERNEL32(?,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE524
                                                                                        • _fileno.MSVCR90 ref: 6CD4C703
                                                                                        • _fstat64i32.MSVCR90(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CD4CDE2), ref: 6CD4C712
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CD4CDE2), ref: 6CD4C71B
                                                                                          • Part of subcall function 6CDAE540: Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate,?,?,6CDC67F6,00000000,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE550
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE569
                                                                                          • Part of subcall function 6CDAE540: _errno.MSVCR90 ref: 6CDAE585
                                                                                        • strerror.MSVCR90 ref: 6CD4C73B
                                                                                        • _PyObject_CallFunction_SizeT.PYTHON27(6CEE4EC0,(isO),00000015,00000000,?), ref: 6CD4C757
                                                                                          • Part of subcall function 6CD2F2F0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F317
                                                                                        • PyErr_SetObject.PYTHON27(6CEE4EC0,00000000), ref: 6CD4C768
                                                                                        Similarity
                                                                                        • API ID: Err_ErrorEval_FatalThread_errno$CallDecrementEventFunction_InterlockedObjectObject_RestoreSaveSizeString_fileno_fstat64i32strerror
                                                                                        • String ID: (isO)
                                                                                        • API String ID: 3937096073-307836670
                                                                                        • Opcode ID: b11b508674edf411645e6369fcee9716de44d04a2879d85b4ca21eabc0965f30
                                                                                        • Instruction ID: 070c7857ae195301adaf725eb3cd5ac59a8e0be98907fca66f4d2ffec40c36b7
                                                                                        • Opcode Fuzzy Hash: b11b508674edf411645e6369fcee9716de44d04a2879d85b4ca21eabc0965f30
                                                                                        • Instruction Fuzzy Hash: 47112976A002005BD620B7B8DC45A9773BCDB8422DF144739EF1DC3A50E731E81982E1
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27 ref: 6CCB7FF5
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                          • Part of subcall function 6CCB7BB0: PyObject_GetItem.PYTHON27(?), ref: 6CCB7BCE
                                                                                          • Part of subcall function 6CCB7BB0: PyInt_AsSsize_t.PYTHON27(00000000), ref: 6CCB7BE9
                                                                                        • PyInt_FromSsize_t.PYTHON27(?,?,?,?), ref: 6CCB801D
                                                                                          • Part of subcall function 6CD570D0: PyInt_FromLong.PYTHON27(6CD2E114,?,6CD2E114,?), ref: 6CD570E2
                                                                                        • PyString_FromString.PYTHON27(no such group,?,?,?), ref: 6CCB8036
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,no such group,?,?,?), ref: 6CCB803F
                                                                                        Strings
                                                                                        • no such group, xrefs: 6CCB8031
                                                                                        • end, xrefs: 6CCB7FE7
                                                                                        • cl, xrefs: 6CCB7FED
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCB802B
                                                                                        Similarity
                                                                                        • API ID: From$Int_$Err_ObjectSsize_tStringString_$Arg_ItemLongObject_TupleUnpack
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$end$no such group$cl
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27 ref: 6CCB7F55
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                          • Part of subcall function 6CCB7BB0: PyObject_GetItem.PYTHON27(?), ref: 6CCB7BCE
                                                                                          • Part of subcall function 6CCB7BB0: PyInt_AsSsize_t.PYTHON27(00000000), ref: 6CCB7BE9
                                                                                        • PyInt_FromSsize_t.PYTHON27(?,?,?,?), ref: 6CCB7F7D
                                                                                          • Part of subcall function 6CD570D0: PyInt_FromLong.PYTHON27(6CD2E114,?,6CD2E114,?), ref: 6CD570E2
                                                                                        • PyString_FromString.PYTHON27(no such group,?,?,?), ref: 6CCB7F96
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,no such group,?,?,?), ref: 6CCB7F9F
                                                                                        Strings
                                                                                        • no such group, xrefs: 6CCB7F91
                                                                                        • cl, xrefs: 6CCB7F4D
                                                                                        • start, xrefs: 6CCB7F47
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCB7F8B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Int_$Err_ObjectSsize_tStringString_$Arg_ItemLongObject_TupleUnpack
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$no such group$start$cl
                                                                                        APIs
                                                                                        • GetModuleFileNameA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\pyexec.exe,00000304,00401245,?,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040118F
                                                                                        • GetLastError.KERNEL32(Retrieving module name,?,?,004018EB,?,?,00401A4C,00000000,?,0040111A,windows_exe), ref: 0040119E
                                                                                          • Part of subcall function 00401000: FormatMessageA.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000), ref: 00401024
                                                                                          • Part of subcall function 00401000: strncpy.MSVCR90 ref: 00401038
                                                                                          • Part of subcall function 00401000: LocalFree.KERNEL32(?), ref: 00401046
                                                                                          • Part of subcall function 00401000: lstrlenA.KERNEL32(00000000), ref: 00401058
                                                                                          • Part of subcall function 00401000: _snprintf.MSVCR90 ref: 00401073
                                                                                          • Part of subcall function 00401000: GetFocus.USER32 ref: 00401085
                                                                                          • Part of subcall function 00401000: MessageBoxA.USER32(00000000), ref: 0040108C
                                                                                        • strncmp.MSVCR90 ref: 004011D2
                                                                                        • strrchr.MSVCR90 ref: 00401201
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ErrorFileFocusFormatFreeLastLocalModuleName_snprintflstrlenstrncmpstrncpystrrchr
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\pyexec.exe$Retrieving module name$\\?\
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(6CF6F1C3,?,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0F5B
                                                                                        • TlsGetValue.KERNEL32(?,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0F64
                                                                                        • SetLastError.KERNEL32(00000000,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0F6D
                                                                                        • Py_FatalError.PYTHON27(auto-releasing thread-state, but no thread-state for this thread,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0F7C
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • Py_FatalError.PYTHON27(This thread state must be current when releasing,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0F91
                                                                                        • PyThreadState_Clear.PYTHON27(00000000,?,?,?,?,?,?,?,?,?,6CD6595C,00000000,?,-00000040,00000000,00000000), ref: 6CDD0FA0
                                                                                        Strings
                                                                                        • This thread state must be current when releasing, xrefs: 6CDD0F8C
                                                                                        • auto-releasing thread-state, but no thread-state for this thread, xrefs: 6CDD0F77
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$DebugOutputString$FatalLast__iob_func$ClearState_ThreadValueabortfflushfprintf
                                                                                        • String ID: This thread state must be current when releasing$auto-releasing thread-state, but no thread-state for this thread
                                                                                        APIs
                                                                                        • PyOS_snprintf.PYTHON27(?,00000000,%.100s,(impossible<bad format char>),6CDC531E,?,?,?), ref: 6CDC3CDD
                                                                                        • strncpy.MSVCR90 ref: 6CDC3CE5
                                                                                        • PyOS_snprintf.PYTHON27(?,00000000,must be %.50s, not %.50s,(impossible<bad format char>),None,6CDC531E,?,?,?), ref: 6CDC3D0B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: S_snprintf$strncpy
                                                                                        • String ID: %.100s$(impossible<bad format char>)$None$must be %.50s, not %.50s
                                                                                        APIs
                                                                                        • PySequence_GetSlice.PYTHON27(?,00000000,00000000), ref: 6CCB649F
                                                                                          • Part of subcall function 6CD2E3E0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E401
                                                                                        • PyObject_GetAttrString.PYTHON27(00000000,join), ref: 6CCB64D6
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000001), ref: 6CCB6526
                                                                                          • Part of subcall function 6CCDBAA0: _PyObject_GC_Malloc.PYTHON27(?), ref: 6CCDBABC
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB654A
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(00000000,00000000,00000000), ref: 6CCB6582
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object_$String$AttrCallErr_ErrorEval_FatalKeywordsMallocObjectSequence_SliceWith
                                                                                        • String ID: GC object already tracked$join
                                                                                        APIs
                                                                                        • PyLong_AsUnsignedLongLongMask.PYTHON27(?), ref: 6CD57447
                                                                                        • PyString_FromString.PYTHON27(an integer is required), ref: 6CD57524
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,an integer is required), ref: 6CD5752D
                                                                                        Strings
                                                                                        • an integer is required, xrefs: 6CD5751F
                                                                                        • __int__ method should return an integer, xrefs: 6CD574DD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Long$Err_FromLong_MaskObjectStringString_Unsigned
                                                                                        • String ID: __int__ method should return an integer$an integer is required
                                                                                        APIs
                                                                                        • PyObject_Call.PYTHON27(00000000,00000000,00000000), ref: 6CCA7C4C
                                                                                        • PySequence_Concat.PYTHON27(?,?), ref: 6CCA7C94
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006DD), ref: 6CCA7CC3
                                                                                        • PyDict_Copy.PYTHON27(?), ref: 6CCA7CCF
                                                                                          • Part of subcall function 6CD466F0: PyDict_New.PYTHON27 ref: 6CD4670B
                                                                                          • Part of subcall function 6CD466F0: PyDict_Merge.PYTHON27(00000000,?,00000001), ref: 6CD4671A
                                                                                        • PyDict_Merge.PYTHON27(00000000,?,00000001), ref: 6CCA7D06
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CCA7CBD
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CCA7CB8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_$Merge$CallConcatCopyErr_FormatObject_Sequence_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 1080960429-1541589624
                                                                                        • Opcode ID: e07f3f62592744876d9925c1042eb0c417aaf0b16233cdf6f4a70d069c422e47
                                                                                        • Instruction ID: c697004c8ae88501a90a64ca9fa57485dde61a6f783b4fb5097b30653b117218
                                                                                        • Opcode Fuzzy Hash: e07f3f62592744876d9925c1042eb0c417aaf0b16233cdf6f4a70d069c422e47
                                                                                        • Instruction Fuzzy Hash: 8341CF72A002026BD7108FA5DC84A9673A5FB8437CB254768ED288BB85F735E853D7D1
                                                                                        APIs
                                                                                        • PyObject_RichCompare.PYTHON27(?,?,00000002), ref: 6CCA3E82
                                                                                        • PyObject_IsTrue.PYTHON27(00000000), ref: 6CCA3EAB
                                                                                        • PyInt_FromLong.PYTHON27(00000000), ref: 6CCA3F27
                                                                                        • PyString_FromString.PYTHON27(deque mutated during iteration), ref: 6CCA3F41
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5248,00000000,deque mutated during iteration), ref: 6CCA3F4A
                                                                                        • _PyLong_FromByteArray.PYTHON27(?,00000004,00000001,00000001), ref: 6CCA3F7F
                                                                                        Strings
                                                                                        • deque mutated during iteration, xrefs: 6CCA3F3C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Object_$ArrayByteCompareErr_Int_LongLong_ObjectRichStringString_True
                                                                                        • String ID: deque mutated during iteration
                                                                                        • API String ID: 157478544-601426129
                                                                                        • Opcode ID: 1d827638694c5725a992bebf70c3c538ea91b73151b411aa39315c8eac12f53e
                                                                                        • Instruction ID: 53a2b322fb54b7a795ef1afa6055c1adfc46ade9c2fdab9f67e808eaa72db2c8
                                                                                        • Opcode Fuzzy Hash: 1d827638694c5725a992bebf70c3c538ea91b73151b411aa39315c8eac12f53e
                                                                                        • Instruction Fuzzy Hash: CE41D975A043029BC700DF99D884A9AB3F5EFC8328F288A59E95887B40E331DD47C7D2
                                                                                        APIs
                                                                                        • PyCallable_Check.PYTHON27(?), ref: 6CCA56A4
                                                                                          • Part of subcall function 6CD67170: PyObject_GetAttrString.PYTHON27(6CD2F42C,__call__,?,6CD2F42C,00000000), ref: 6CD6718B
                                                                                          • Part of subcall function 6CD67170: PyErr_Clear.PYTHON27(6CD2F42C,00000000), ref: 6CD67197
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,first argument must be callable or None), ref: 6CCA56C3
                                                                                        • PySequence_GetSlice.PYTHON27(?,00000001,?), ref: 6CCA56D9
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000000), ref: 6CCA56FB
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA5725
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCA5720
                                                                                        • first argument must be callable or None, xrefs: 6CCA56BD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Object_String$AttrCallable_CheckClearErrorFatalSequence_Slice
                                                                                        • String ID: GC object already tracked$first argument must be callable or None
                                                                                        • API String ID: 381339369-1374251831
                                                                                        • Opcode ID: f4a9b10f825509898473ae3177b0885fcf8073b9b8b45b10c12f8d01f66e190b
                                                                                        • Instruction ID: cd3aba2eb8dd9bc359efa08553bf28ddb68e87fad717a72c78a9608bc2f217c0
                                                                                        • Opcode Fuzzy Hash: f4a9b10f825509898473ae3177b0885fcf8073b9b8b45b10c12f8d01f66e190b
                                                                                        • Instruction Fuzzy Hash: 6D311675A10B029FC710CF95D885A5673B4FB55328B208618EC399BB91E730E806CBE0
                                                                                        APIs
                                                                                        • PyDict_Size.PYTHON27(?), ref: 6CCB61B5
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s() takes at most %d positional arguments (%zd given),match,00000003,?), ref: 6CCB61E1
                                                                                        • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON27(7FFFFFFF,?,|OnnO:match,6CF008BC,?,?,7FFFFFFF,?), ref: 6CCB620D
                                                                                          • Part of subcall function 6CCB4680: PyErr_CheckSignals.PYTHON27 ref: 6CCB473E
                                                                                          • Part of subcall function 6CCB5F00: free.MSVCR90 ref: 6CCB5F2A
                                                                                          • Part of subcall function 6CCB8420: PyObject_Malloc.PYTHON27(0000002F,00000000,?,?,?,?,?,6CCB62A8,?), ref: 6CCB8453
                                                                                          • Part of subcall function 6CCB8420: PyErr_NoMemory.PYTHON27(?,?,?,?,?,6CCB62A8,?), ref: 6CCB845F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Size$Arg_CheckDict_FormatKeywords_MallocMemoryObject_ParseSignalsTuplefree
                                                                                        • String ID: %s() takes at most %d positional arguments (%zd given)$match$pattern$|OnnO:match
                                                                                        • API String ID: 395870227-446452760
                                                                                        • Opcode ID: 47c0d3f06f5b62df6160a271ecd595a7c4a2f6d50d13f1014774fbc99b65cab5
                                                                                        • Instruction ID: b71c1e4064e321f89f7e77ab8cf6980228c618fce88e6521d529a61661ce363c
                                                                                        • Opcode Fuzzy Hash: 47c0d3f06f5b62df6160a271ecd595a7c4a2f6d50d13f1014774fbc99b65cab5
                                                                                        • Instruction Fuzzy Hash: EF31C5B2E00518ABDB14CFD5DC809EEB3B8FB44228F1445A9E919F7740FA31AF448B91
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a single-segment buffer object), ref: 6CD2B729
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a readable buffer object), ref: 6CD2B76D
                                                                                        • PyString_FromString.PYTHON27(null argument to internal routine), ref: 6CD2B796
                                                                                        • PyErr_SetObject.PYTHON27(6CEE65C8,00000000,null argument to internal routine), ref: 6CD2B79F
                                                                                        Strings
                                                                                        • expected a readable buffer object, xrefs: 6CD2B767
                                                                                        • null argument to internal routine, xrefs: 6CD2B791
                                                                                        • expected a single-segment buffer object, xrefs: 6CD2B723
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: expected a readable buffer object$expected a single-segment buffer object$null argument to internal routine
                                                                                        • API String ID: 354487993-198770205
                                                                                        • Opcode ID: d9ad18291cf0565b81a6dff22280d0a93356b409365057610ba65a3d0dda43eb
                                                                                        • Instruction ID: 7bee8f7796ef6b3f5570e8c2758abdcf869c2648e94181e98dadf80355441e05
                                                                                        • Opcode Fuzzy Hash: d9ad18291cf0565b81a6dff22280d0a93356b409365057610ba65a3d0dda43eb
                                                                                        • Instruction Fuzzy Hash: D521E836A00301ABC710DF69AC80B5673A4EB81338F204759ED79877E0D7B5E8518AD1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a single-segment buffer object), ref: 6CD2B82A
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a writeable buffer object), ref: 6CD2B86F
                                                                                        • PyString_FromString.PYTHON27(null argument to internal routine), ref: 6CD2B898
                                                                                        • PyErr_SetObject.PYTHON27(6CEE65C8,00000000,null argument to internal routine), ref: 6CD2B8A1
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2B893
                                                                                        • expected a writeable buffer object, xrefs: 6CD2B869
                                                                                        • expected a single-segment buffer object, xrefs: 6CD2B824
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: expected a single-segment buffer object$expected a writeable buffer object$null argument to internal routine
                                                                                        • API String ID: 354487993-377861076
                                                                                        • Opcode ID: 34363ca1ecb790871e704cc6b268a6387b4a363cc04319657133e3e7bcbe08c0
                                                                                        • Instruction ID: b50523aea1cb98161d2c97d621d9291a6b5f0fd647c6fb397c3ccbf262e79c1f
                                                                                        • Opcode Fuzzy Hash: 34363ca1ecb790871e704cc6b268a6387b4a363cc04319657133e3e7bcbe08c0
                                                                                        • Instruction Fuzzy Hash: 77210836A01600ABD710CB69AC80B66F3A4EB85339F244729EE3D87BE0D775E840C7D1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(__int__), ref: 6CD2D7E2
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD2D7F5
                                                                                        • PyObject_GetAttr.PYTHON27(?,?), ref: 6CD2D82E
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD2D83C
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(00000000,00000000,00000000), ref: 6CD2D859
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,?,?), ref: 6CD2D8A7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String_$AttrCallClearEval_FormatFromInternKeywordsObjectObject_PlaceStringWith
                                                                                        • String ID: __int__
                                                                                        • API String ID: 2531902524-1878893692
                                                                                        • Opcode ID: f318b385cb22779146e5efab2be7af06177cea39f586900eacb0f9fa9667eb22
                                                                                        • Instruction ID: 5db4ffdf096fcd2c658109166c9f6ba96a03f9b120398cb27b21b50d1ea61d2f
                                                                                        • Opcode Fuzzy Hash: f318b385cb22779146e5efab2be7af06177cea39f586900eacb0f9fa9667eb22
                                                                                        • Instruction Fuzzy Hash: 9431D372E04601DBD714CB58E840A9AF3B8EF4176CF244729EA6887B50E739E906C7E1
                                                                                        APIs
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000002,?,?,?,6CD5AC07,?,?,00000000,?,?,?,6CD5C01A,?,?,?), ref: 6CD5A971
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD5A996
                                                                                        • PyObject_Call.PYTHON27(?,00000000,00000000), ref: 6CD5A9D6
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,comparison function must return int, not %.200s,?), ref: 6CD5AA11
                                                                                        • PyInt_AsLong.PYTHON27(00000000), ref: 6CD5AA34
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD5A991
                                                                                        • comparison function must return int, not %.200s, xrefs: 6CD5AA0B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object_$CallErr_ErrorFatalFormatInt_Long
                                                                                        • String ID: GC object already tracked$comparison function must return int, not %.200s
                                                                                        • API String ID: 2801527718-2912598312
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(heap argument must be a list), ref: 6CCA8494
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,heap argument must be a list), ref: 6CCA849D
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,index out of range), ref: 6CCA84D5
                                                                                        • PyList_SetSlice.PYTHON27(?,?,?,00000000), ref: 6CCA84F7
                                                                                          • Part of subcall function 6CCA82E0: PyString_FromString.PYTHON27(index out of range), ref: 6CCA830A
                                                                                          • Part of subcall function 6CCA82E0: PyErr_SetObject.PYTHON27(6CEE5B38,00000000,index out of range), ref: 6CCA8313
                                                                                        Strings
                                                                                        • index out of range, xrefs: 6CCA84CF
                                                                                        • heap argument must be a list, xrefs: 6CCA848F
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA84CA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_$List_Slice
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$heap argument must be a list$index out of range
                                                                                        • API String ID: 1329020071-1111489249
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,00000036,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CD77DA3
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD77E44
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD77D98
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD77D9D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c$GC object already tracked
                                                                                        • API String ID: 376477240-2731488381
                                                                                        Strings
                                                                                        • %.100s.__format__ must return string or unicode, not %.100s, xrefs: 6CD2C390
                                                                                        • __format__, xrefs: 6CD2C2D5
                                                                                        • format expects arg 2 to be string or unicode, not %.100s, xrefs: 6CD2C3BC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %.100s.__format__ must return string or unicode, not %.100s$__format__$format expects arg 2 to be string or unicode, not %.100s
                                                                                        • API String ID: 0-3990589480
                                                                                        APIs
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000002), ref: 6CCB80A4
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB80CA
                                                                                        • PyInt_FromLong.PYTHON27 ref: 6CCB8102
                                                                                        • _PyLong_FromByteArray.PYTHON27(?,00000004,00000001,00000001), ref: 6CCB811B
                                                                                          • Part of subcall function 6CD5DBF0: PyLong_FromLong.PYTHON27(?,00000001,?,6CD2E114), ref: 6CD5DC05
                                                                                        • PyInt_FromLong.PYTHON27(000000FE), ref: 6CCB8139
                                                                                        • _PyLong_FromByteArray.PYTHON27(?,00000004,00000001,00000001), ref: 6CCB8152
                                                                                          • Part of subcall function 6CD5DBF0: PyErr_SetString.PYTHON27(6CEE63F8,byte array too long to convert to int,?,?), ref: 6CD5DC8C
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCB80C5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$LongLong_$ArrayByteInt_$Err_ErrorFatalObject_String
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 194711319-3349536495
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,heappushpop,00000002,00000002,?,?), ref: 6CCA862B
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,heap argument must be a list), ref: 6CCA8652
                                                                                          • Part of subcall function 6CCA8130: PyString_FromString.PYTHON27(__lt__), ref: 6CCA8144
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,index out of range), ref: 6CCA869D
                                                                                          • Part of subcall function 6CCA82E0: PyString_FromString.PYTHON27(index out of range), ref: 6CCA830A
                                                                                          • Part of subcall function 6CCA82E0: PyErr_SetObject.PYTHON27(6CEE5B38,00000000,index out of range), ref: 6CCA8313
                                                                                        Strings
                                                                                        • index out of range, xrefs: 6CCA8697
                                                                                        • heap argument must be a list, xrefs: 6CCA864C
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA8691
                                                                                        • heappushpop, xrefs: 6CCA8625
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Err_$FromString_$Object$Arg_TupleUnpack
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$heap argument must be a list$heappushpop$index out of range
                                                                                        • API String ID: 3571261255-3552649903
                                                                                        APIs
                                                                                        • PyErr_NoMemory.PYTHON27(?,?,6CD638F0,00000014,?), ref: 6CD6366E
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • malloc.MSVCR90 ref: 6CD63690
                                                                                        • PyErr_NoMemory.PYTHON27(00000000,?,?,6CD638F0,00000014,?), ref: 6CD6369F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Memory$ExceptionGivenMatchesObjectmalloc
                                                                                        • String ID: F
                                                                                        • API String ID: 3549491605-1304234792
                                                                                        APIs
                                                                                        • PyInt_FromLong.PYTHON27(00000001,?,?,?,6CD8C173,6CEDFB7C,00000000,6CEDFB7C,6CEDFB7C,?,6CD8C7E7,6CEDFB7C), ref: 6CD8C01C
                                                                                        • PyObject_GetItem.PYTHON27(?,00000000,6CEDFB7C), ref: 6CD8C033
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE5A68,?,?,6CEDFB7C), ref: 6CD8C063
                                                                                        • PyErr_Clear.PYTHON27(?,?,?,?,6CEDFB7C), ref: 6CD8C06F
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,character mapping must return integer, None or str,?,?,6CEDFB7C), ref: 6CD8C0C5
                                                                                        Strings
                                                                                        • character mapping must return integer, None or str, xrefs: 6CD8C0B9
                                                                                        • character mapping must be in range(256), xrefs: 6CD8C0AB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ClearExceptionFromGivenInt_ItemLongMatchesObject_String
                                                                                        • String ID: character mapping must be in range(256)$character mapping must return integer, None or str
                                                                                        • API String ID: 2078585664-499293463
                                                                                        • Opcode ID: 12af6d69799703f59a1c4640b864f3ea39711148f9e24206e3a62d9042d26b7d
                                                                                        • Instruction ID: c84b610d93c96f21fca8f15771a9abf573c969240274a4b28b5448bff1c9f077
                                                                                        • Opcode Fuzzy Hash: 12af6d69799703f59a1c4640b864f3ea39711148f9e24206e3a62d9042d26b7d
                                                                                        • Instruction Fuzzy Hash: C921F9B6A01601D7C620DB69EC009A773B8DBC4378F140329FD68C7BA0E729EC56C6E1
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,heapreplace,00000002,00000002,?,?), ref: 6CCA856B
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,heap argument must be a list), ref: 6CCA8592
                                                                                          • Part of subcall function 6CCA82E0: PyString_FromString.PYTHON27(index out of range), ref: 6CCA830A
                                                                                          • Part of subcall function 6CCA82E0: PyErr_SetObject.PYTHON27(6CEE5B38,00000000,index out of range), ref: 6CCA8313
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,index out of range), ref: 6CCA85B1
                                                                                        Strings
                                                                                        • index out of range, xrefs: 6CCA85AB
                                                                                        • heapreplace, xrefs: 6CCA8565
                                                                                        • heap argument must be a list, xrefs: 6CCA858C
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA85A6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_$Arg_TupleUnpack
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$heap argument must be a list$heapreplace$index out of range
                                                                                        • API String ID: 3032523836-2219187811
                                                                                        • Opcode ID: b28dfdc74ac6902b687fde62651fbd42a205418d38f8ee9bed34fa6e0f0a76aa
                                                                                        • Instruction ID: 7de0d4f8683a13c59dcf4b36ae35a31e27502f565828f47e805656913ad6587a
                                                                                        • Opcode Fuzzy Hash: b28dfdc74ac6902b687fde62651fbd42a205418d38f8ee9bed34fa6e0f0a76aa
                                                                                        • Instruction Fuzzy Hash: 7611D235A00204AFDB00DBE8DC89D9AB3F8EB49318F108695EC08D7B51FA31ED0587D0
                                                                                        APIs
                                                                                        • PyCapsule_GetName.PYTHON27(?), ref: 6CD3ECBA
                                                                                          • Part of subcall function 6CD39220: PyErr_SetString.PYTHON27(6CEE5D10,PyCapsule_GetName called with invalid PyCapsule object), ref: 6CD39244
                                                                                        • PyCapsule_GetPointer.PYTHON27(?,00000000,?), ref: 6CD3ECC1
                                                                                          • Part of subcall function 6CD391C0: PyErr_SetString.PYTHON27(6CEE5D10,PyCapsule_GetPointer called with invalid PyCapsule object), ref: 6CD391E6
                                                                                        • PyString_FromString.PYTHON27(PyCObject_AsVoidPtr called with null pointer), ref: 6CD3ED09
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,PyCObject_AsVoidPtr called with null pointer), ref: 6CD3ED12
                                                                                        Strings
                                                                                        • PyCObject_AsVoidPtr called with null pointer, xrefs: 6CD3ED04
                                                                                        • PyCObject_AsVoidPtr with non-C-object, xrefs: 6CD3ECE4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$Capsule_$FromNameObjectPointerString_
                                                                                        • String ID: PyCObject_AsVoidPtr called with null pointer$PyCObject_AsVoidPtr with non-C-object
                                                                                        • API String ID: 4117292631-4195522665
                                                                                        • Opcode ID: f2c90a79bd765a8428ef2a30114704d006ac9b8635132709bcfff831ae58ff50
                                                                                        • Instruction ID: 71c42ad9f4f20cb5cb98726a0350091de7a8b4002e5cc623b94cc32523c1c9e7
                                                                                        • Opcode Fuzzy Hash: f2c90a79bd765a8428ef2a30114704d006ac9b8635132709bcfff831ae58ff50
                                                                                        • Instruction Fuzzy Hash: E6010436E11434A7C6119798B8019DE33B8DB8A278B141765EC2CABF90EB25ED5683E1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,Argument given by name ('%s') and position (1)), ref: 6CCB6107
                                                                                        • sprintf.MSVCR90 ref: 6CCB6128
                                                                                        • PyErr_WarnEx.PYTHON27(6CEE6B30,?,00000001), ref: 6CCB613A
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,Required argument 'string' (pos 1) not found), ref: 6CCB616C
                                                                                        Strings
                                                                                        • Argument given by name ('%s') and position (1), xrefs: 6CCB6101
                                                                                        • The '%s' keyword parameter name is deprecated. Use 'string' instead., xrefs: 6CCB6122
                                                                                        • Required argument 'string' (pos 1) not found, xrefs: 6CCB6166
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatStringWarnsprintf
                                                                                        • String ID: Argument given by name ('%s') and position (1)$Required argument 'string' (pos 1) not found$The '%s' keyword parameter name is deprecated. Use 'string' instead.
                                                                                        • API String ID: 3032582101-1497271356
                                                                                        • Opcode ID: c934b26fc0b1678040f90c7fe8d369d5552732f86f272850870ea1cb08243c25
                                                                                        • Instruction ID: 2247d10ee0b83827ddc75e303e02464bafe8edcf0a794cffaa0bee0242ace691
                                                                                        • Opcode Fuzzy Hash: c934b26fc0b1678040f90c7fe8d369d5552732f86f272850870ea1cb08243c25
                                                                                        • Instruction Fuzzy Hash: E5110E75B006086BCB48DBB8DD52AAE73B8DB49208B50045DEC0EE7B40EA39AA048391
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,span,00000000,00000001,?), ref: 6CCB81B4
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                          • Part of subcall function 6CCB7BB0: PyObject_GetItem.PYTHON27(?), ref: 6CCB7BCE
                                                                                          • Part of subcall function 6CCB7BB0: PyInt_AsSsize_t.PYTHON27(00000000), ref: 6CCB7BE9
                                                                                        • PyString_FromString.PYTHON27(no such group), ref: 6CCB81F7
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,no such group), ref: 6CCB8200
                                                                                          • Part of subcall function 6CCB8070: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB80CA
                                                                                          • Part of subcall function 6CCB8070: PyInt_FromLong.PYTHON27 ref: 6CCB8102
                                                                                          • Part of subcall function 6CCB8070: PyInt_FromLong.PYTHON27(000000FE), ref: 6CCB8139
                                                                                        Strings
                                                                                        • cl, xrefs: 6CCB81AC
                                                                                        • span, xrefs: 6CCB81A6
                                                                                        • no such group, xrefs: 6CCB81F2
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCB81EC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Int_$Err_LongObjectStringString_$Arg_ErrorFatalItemObject_Ssize_tTupleUnpack
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$no such group$span$cl
                                                                                        • API String ID: 1402233924-841946148
                                                                                        • Opcode ID: f84dd082d89cc263d5b12772030334f165841393208ce7eb7f6b73118f0701b8
                                                                                        • Instruction ID: e05794af70f44b5be702c7d625eb61ac9c11191e4dee7859a0e26aa113f90f9e
                                                                                        • Opcode Fuzzy Hash: f84dd082d89cc263d5b12772030334f165841393208ce7eb7f6b73118f0701b8
                                                                                        • Instruction Fuzzy Hash: 7D112976641A016BD6109B95EC41EAB73ACDB89374F200759FD5C93B41F731E80187B2
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_func$getenv
                                                                                        • String ID: <stdin>$<stdin>$PYTHONINSPECT$path
                                                                                        • API String ID: 952159037-346035110
                                                                                        • Opcode ID: 38fc9347ebd0b39b6a251194a392424c584476c304bd1f4b767da579e09a30c7
                                                                                        • Instruction ID: 3a0cd90c33e045019f3d85b4f9523035d4d057a98ccbf2b2234be1e6514390f9
                                                                                        • Opcode Fuzzy Hash: 38fc9347ebd0b39b6a251194a392424c584476c304bd1f4b767da579e09a30c7
                                                                                        • Instruction Fuzzy Hash: 2F018471A41710ABD61027B5AF0DB1F3A68DF41752F080036FD05F62A1EA39D924CEBE
                                                                                        APIs
                                                                                        • isspace.MSVCR90 ref: 6CDCF0B9
                                                                                        • PyOS_strtoul.PYTHON27(?,?,?,?,?,?,6CD57604,?,?,?), ref: 6CDCF0E1
                                                                                        • _errno.MSVCR90 ref: 6CDCF10B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: S_strtoul_errnoisspace
                                                                                        • String ID: +$-$-$-
                                                                                        • API String ID: 607549006-1581796996
                                                                                        • Opcode ID: 7e1373d07c91123bdead352cca854ca2b15a332ce6c005013e32b5122e0afb82
                                                                                        • Instruction ID: afd55f6b5c255b0b220aa33b5bae20baef65d595c01ad46ade1ea10a8a8675cb
                                                                                        • Opcode Fuzzy Hash: 7e1373d07c91123bdead352cca854ca2b15a332ce6c005013e32b5122e0afb82
                                                                                        • Instruction Fuzzy Hash: 8001F7717492199EFB104B59E8017E777ADDB4277CF281643FCA8C7AA1C236984147A3
                                                                                        APIs
                                                                                        • _PyLong_Frexp.PYTHON27(?,?), ref: 6CD5FDD2
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,long int too large to convert to float), ref: 6CD5FE0D
                                                                                        • ldexp.MSVCR90 ref: 6CD5FE26
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,00000920), ref: 6CD5FE49
                                                                                        Strings
                                                                                        • long int too large to convert to float, xrefs: 6CD5FE07
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5FE43
                                                                                        • ..\Objects\longobject.c, xrefs: 6CD5FE3E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatFrexpLong_Stringldexp
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\longobject.c$long int too large to convert to float
                                                                                        APIs
                                                                                        • PySequence_Check.PYTHON27(6CD2FF2A,?,?,?,6CD2FF2A,?), ref: 6CD58D2C
                                                                                          • Part of subcall function 6CD2DF00: PyObject_GetAttrString.PYTHON27(?,__getitem__), ref: 6CD2DF1A
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\iterobject.c,00000011,?), ref: 6CD58D4A
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000010,?), ref: 6CD58D61
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked,?,?), ref: 6CD58D96
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD58D91
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD58D44
                                                                                        • ..\Objects\iterobject.c, xrefs: 6CD58D3F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Object_$AttrCheckErr_ErrorFatalFormatMallocSequence_String
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\iterobject.c$GC object already tracked
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(6CF6F1C3,?,?,6CD65944), ref: 6CDD0ECB
                                                                                        • TlsGetValue.KERNEL32(?,?,6CD65944), ref: 6CDD0ED4
                                                                                        • SetLastError.KERNEL32(00000000,?,6CD65944), ref: 6CDD0EDD
                                                                                        • Py_FatalError.PYTHON27(Couldn't create thread-state for new thread), ref: 6CDD0F06
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000,?,6CD65944), ref: 6CDD0F25
                                                                                        • PyEval_InitThreads.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CD65944), ref: 6CDD0F34
                                                                                          • Part of subcall function 6CDD0600: malloc.MSVCR90 ref: 6CDD0607
                                                                                          • Part of subcall function 6CDD0600: GetCurrentThreadId.KERNEL32 ref: 6CDD065C
                                                                                          • Part of subcall function 6CDD0600: _PyThreadState_Init.PYTHON27(00000000), ref: 6CDD0692
                                                                                          • Part of subcall function 6CDD0600: InterlockedDecrement.KERNEL32(?), ref: 6CDD06C9
                                                                                          • Part of subcall function 6CDD0600: SetEvent.KERNEL32(?), ref: 6CDD06D7
                                                                                        Strings
                                                                                        • Couldn't create thread-state for new thread, xrefs: 6CDD0F01
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: DebugErrorOutputStringThread$Eval_InitLast__iob_func$CurrentDecrementEventFatalInterlockedRestoreState_ThreadsValueabortfflushfprintfmalloc
                                                                                        • String ID: Couldn't create thread-state for new thread
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000000B6), ref: 6CD5954B
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD59545
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD5958F
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD59540
                                                                                        • list index out of range, xrefs: 6CD59578
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$list index out of range
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Python\getargs.c,0000078E,?,6CCB1E1D,Random(),?), ref: 6CDC5F14
                                                                                        Strings
                                                                                        • %s does not take keyword arguments, xrefs: 6CDC5F39
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CDC5F0E
                                                                                        • (}l, xrefs: 6CDC5EF6
                                                                                        • ..\Python\getargs.c, xrefs: 6CDC5F09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s does not take keyword arguments$%s:%d: bad argument to internal function$(}l$..\Python\getargs.c
                                                                                        APIs
                                                                                        • PyObject_RichCompare.PYTHON27(00000000,?,00000000,?,?,?,?,00000000), ref: 6CD5B087
                                                                                        • PyObject_RichCompare.PYTHON27(00000000,?,00000000,?,?,00000000), ref: 6CD5B11B
                                                                                        • PyObject_IsTrue.PYTHON27(00000000,?,?,?,?,?,00000000), ref: 6CD5B147
                                                                                          • Part of subcall function 6CD5A940: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD5A996
                                                                                          • Part of subcall function 6CD5A940: PyObject_Call.PYTHON27(?,00000000,00000000), ref: 6CD5A9D6
                                                                                          • Part of subcall function 6CD5A940: PyErr_Format.PYTHON27(6CEE48B0,comparison function must return int, not %.200s,?), ref: 6CD5AA11
                                                                                        • PyObject_RichCompare.PYTHON27(00000000,?,00000000,?,?,00000000), ref: 6CD5B1F1
                                                                                        • PyObject_RichCompare.PYTHON27(00000000,?,00000000,?,?,00000000), ref: 6CD5B2B1
                                                                                        • PyObject_IsTrue.PYTHON27(00000000,?,?,?,?,?,00000000), ref: 6CD5B2E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Object_$CompareRich$True$CallErr_ErrorFatalFormat
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • Py_InitModule4.PYTHON27(_heapq,6CF0C8E8,Heap queue algorithm (a.k.a. priority queue).Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of ,00000000,000003F5), ref: 6CCA8F67
                                                                                        • PyString_FromString.PYTHON27(Heap queues[explanation by Franois Pinard]Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of ), ref: 6CCA8F7A
                                                                                        • PyModule_AddObject.PYTHON27(00000000,__about__,00000000,Heap queues[explanation by Franois Pinard]Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of ), ref: 6CCA8F86
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        Strings
                                                                                        • __about__, xrefs: 6CCA8F80
                                                                                        • _heapq, xrefs: 6CCA8F62
                                                                                        • Heap queue algorithm (a.k.a. priority queue).Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of , xrefs: 6CCA8F58
                                                                                        • Heap queues[explanation by Franois Pinard]Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of , xrefs: 6CCA8F75
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Err_FromInitModule4Module_ObjectString_SubtypeType_
                                                                                        • String ID: Heap queue algorithm (a.k.a. priority queue).Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of $Heap queues[explanation by Franois Pinard]Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] forall k, counting elements from 0. For the sake of comparison,non-existing elements are considered to be infinite. The interestingproperty of $__about__$_heapq
                                                                                        • API String ID: 2338541038-978301229
                                                                                        • Opcode ID: 866015103dc57072bbe82fbf9ecef2054e1fc0528a95eaebcb070343a948b750
                                                                                        • Instruction ID: 8d3cbd6dd250eaf80e0c8b2d6477300e74c1aa28a18a46c5c125c5ccf17d961a
                                                                                        • Opcode Fuzzy Hash: 866015103dc57072bbe82fbf9ecef2054e1fc0528a95eaebcb070343a948b750
                                                                                        • Instruction Fuzzy Hash: 90D0A962EC2A2233E52133682C1AFFA00098B50E58F590CA0F8047AFE5F6022D0960FF
                                                                                        APIs
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CCA9C6F
                                                                                        • PyDict_New.PYTHON27 ref: 6CCA9C7F
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • Py_BuildValue.PYTHON27(6CDEBAA8,?,00000000), ref: 6CCA9C9B
                                                                                        • PyDict_SetItem.PYTHON27(?,?,00000000), ref: 6CCA9CB2
                                                                                        • PyInt_FromLong.PYTHON27(?), ref: 6CCA9D22
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA9D30
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000), ref: 6CCA9D42
                                                                                        • PyDict_SetItem.PYTHON27(?,00000000,?), ref: 6CCA9D91
                                                                                        Similarity
                                                                                        • API ID: Dict_$Item$From$BuildClearErr_Int_LongStringString_Value
                                                                                        • String ID:
                                                                                        • API String ID: 232765214-0
                                                                                        • Opcode ID: 9864ec9b6af4ed473f633098da09f5b040d84008a62efd3561a42f5528fc1a37
                                                                                        • Instruction ID: 934a2b4f19e969f34a078ea805c4a087d36ab6a93f75ba82a19476b3fc736be4
                                                                                        • Opcode Fuzzy Hash: 9864ec9b6af4ed473f633098da09f5b040d84008a62efd3561a42f5528fc1a37
                                                                                        • Instruction Fuzzy Hash: BF41A175E01501ABC700DFA8DC8599A73B8AF44338B144798EC2987781F732ED56C7E1
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Iatan2IcosIexpIlogIpowIsin_errno_hypot
                                                                                        • String ID:
                                                                                        • API String ID: 482299394-0
                                                                                        • Opcode ID: 02de03caa3d0a54239ca18a620b0d5c2e1fb58efc0a08331c024f9fb3bac724c
                                                                                        • Instruction ID: b5f224de11a0ccbf5d833f875b76b111c4802f63669c0fb3b35c101fa5535245
                                                                                        • Opcode Fuzzy Hash: 02de03caa3d0a54239ca18a620b0d5c2e1fb58efc0a08331c024f9fb3bac724c
                                                                                        • Instruction Fuzzy Hash: AF31B871A04506E2CB027F14E5457C93FB4EF863A4F114AC9EACA716F4EB32883487C9
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _errno_isnan
                                                                                        • String ID:
                                                                                        • API String ID: 68835812-0
                                                                                        • Opcode ID: 873d46c6d0032fe2d83a47d1e85fa8a50de925c91a494dca523b1def2d33318c
                                                                                        • Instruction ID: b8362951c4515c2ceea4788c55ae326c46d9c69bd1a6f37606a025958a484156
                                                                                        • Opcode Fuzzy Hash: 873d46c6d0032fe2d83a47d1e85fa8a50de925c91a494dca523b1def2d33318c
                                                                                        • Instruction Fuzzy Hash: 7B31DD62E0150962DF023EA9F9052D53FB8EB07291F214BD5DC89716A4FF3389694BC5
                                                                                        APIs
                                                                                        • frexp.MSVCR90 ref: 6CD53E1D
                                                                                        • ldexp.MSVCR90 ref: 6CD53E6E
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,float too large to pack with d format), ref: 6CD53FA7
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,frexp() result out of range), ref: 6CD53FC8
                                                                                        Strings
                                                                                        • float too large to pack with d format, xrefs: 6CD53FA1
                                                                                        • frexp() result out of range, xrefs: 6CD53FC0
                                                                                        Similarity
                                                                                        • API ID: Err_String$frexpldexp
                                                                                        • String ID: float too large to pack with d format$frexp() result out of range
                                                                                        • API String ID: 210449120-471396154
                                                                                        • Opcode ID: f9a1d106eb5a5c1843b5051636344b9f73e933eaaa05187b242506856093e2c7
                                                                                        • Instruction ID: 4502a7372bddd5dd74842c502b42151a660d223729edd856d750c57c2a9a7a08
                                                                                        • Opcode Fuzzy Hash: f9a1d106eb5a5c1843b5051636344b9f73e933eaaa05187b242506856093e2c7
                                                                                        • Instruction Fuzzy Hash: 44713772B0A28296CF111F28D98039A7FF0DF92354F540A6DFCC5937A2E632C865C796
                                                                                        APIs
                                                                                        • PyErr_NoMemory.PYTHON27(?,00000000,00000000), ref: 6CD887EC
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • PyObject_Malloc.PYTHON27(00000015,?,?,?,00000000,00000000), ref: 6CD88807
                                                                                        • PyString_InternInPlace.PYTHON27(00000000,?,00000000,00000000), ref: 6CD88839
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_$ExceptionGivenInternMallocMatchesMemoryObjectObject_PlaceString_
                                                                                        • String ID: hl
                                                                                        • API String ID: 349208754-3313420889
                                                                                        • Opcode ID: f625e2f14fa751df26ab7613abb87cda532b1e99276ef2026ab7b5c086ee1dce
                                                                                        • Instruction ID: 353f8d1eb6e2589912c358cde8318cca5e316f2ab19b5914c9ce2c23d09f732f
                                                                                        • Opcode Fuzzy Hash: f625e2f14fa751df26ab7613abb87cda532b1e99276ef2026ab7b5c086ee1dce
                                                                                        • Instruction Fuzzy Hash: FF617475906256CFDB10AF59DC403EEBBB1EB41318F9482AFC8E58BA61D3748186C392
                                                                                        APIs
                                                                                        • PyObject_GetIter.PYTHON27(?,-00000010,00000000), ref: 6CD5A644
                                                                                          • Part of subcall function 6CD2FF00: PySequence_Check.PYTHON27(?), ref: 6CD2FF18
                                                                                          • Part of subcall function 6CD2FF00: PySeqIter_New.PYTHON27(?), ref: 6CD2FF25
                                                                                        • _PyObject_LengthHint.PYTHON27(?,00000008), ref: 6CD5A663
                                                                                          • Part of subcall function 6CD2B130: PyObject_Size.PYTHON27(?), ref: 6CD2B13C
                                                                                          • Part of subcall function 6CD2B130: PyErr_GivenExceptionMatches.PYTHON27(?,6CEE48B0), ref: 6CD2B160
                                                                                          • Part of subcall function 6CD2B130: PyErr_GivenExceptionMatches.PYTHON27(?,6CEE55C0), ref: 6CD2B17D
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CD5A71D
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD5A729
                                                                                        • PySequence_Fast.PYTHON27(?,argument must be iterable,-00000010,00000000), ref: 6CD5A764
                                                                                        Strings
                                                                                        • argument must be iterable, xrefs: 6CD5A75E
                                                                                        Similarity
                                                                                        • API ID: Err_$ExceptionGivenMatchesObject_$Sequence_$CheckClearFastHintIterIter_LengthSize
                                                                                        • String ID: argument must be iterable
                                                                                        • API String ID: 3611713048-1209305317
                                                                                        • Opcode ID: 43b0f14f5024598b44b0c94a53d3946c205a51b571a8d8349950890f4e8d40ea
                                                                                        • Instruction ID: 5e951de80227f120cd4c034d54a8611600687c26f09e6019454c13c114234d38
                                                                                        • Opcode Fuzzy Hash: 43b0f14f5024598b44b0c94a53d3946c205a51b571a8d8349950890f4e8d40ea
                                                                                        • Instruction Fuzzy Hash: B251A775A04612CFCB00DF64D48096AB3B0BF45328B644769ED298BB61E734ED66CBE1
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB08FF
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ErrorFatal
                                                                                        • String ID: ((OllddO))$GC object already tracked
                                                                                        • API String ID: 2938028924-2749141861
                                                                                        • Opcode ID: c7e002d0465c06833abfe9e5973a728c90b1f37d0efe9851f83cb4c37fe9e115
                                                                                        • Instruction ID: f21c3c4b5702cda83366f989a65933b33099a90b3d3b68b62b1c8ff35da26dd7
                                                                                        • Opcode Fuzzy Hash: c7e002d0465c06833abfe9e5973a728c90b1f37d0efe9851f83cb4c37fe9e115
                                                                                        • Instruction Fuzzy Hash: 5341F1B2B006419FDB10DFA9D981856B7F4FB483287208A6DD869D7B41E731E895CBD0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _finite$DoubleFromLong__isnanmodf
                                                                                        • String ID:
                                                                                        • API String ID: 3759321570-0
                                                                                        APIs
                                                                                        • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,OOOOOOOOO:make_encoder,6CF0B8BC,?,?,?,?,?,?,?,?,?), ref: 6CCADFDC
                                                                                        • PyObject_IsTrue.PYTHON27(?), ref: 6CCADFF1
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,make_encoder() argument 1 must be dict or None, not %.200s,?), ref: 6CCAE025
                                                                                        Strings
                                                                                        • make_encoder() argument 1 must be dict or None, not %.200s, xrefs: 6CCAE01F
                                                                                        • OOOOOOOOO:make_encoder, xrefs: 6CCADFD5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Arg_Err_FormatKeywordsObject_ParseTrueTuple
                                                                                        • String ID: OOOOOOOOO:make_encoder$make_encoder() argument 1 must be dict or None, not %.200s
                                                                                        • API String ID: 1781283350-23895984
                                                                                        APIs
                                                                                        • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON27(?,?,|O:groupdict,6CF0A20C,?), ref: 6CCB7E13
                                                                                        • PyDict_New.PYTHON27 ref: 6CCB7E25
                                                                                        • _PyObject_CallMethod_SizeT.PYTHON27(?,keys,00000000), ref: 6CCB7E51
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_CallDict_Keywords_Method_Object_ParseTuple
                                                                                        • String ID: keys$|O:groupdict
                                                                                        • API String ID: 2100346386-554732576
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: strchr$FromStringString_
                                                                                        • String ID:
                                                                                        • API String ID: 1648105354-0
                                                                                        APIs
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA708E
                                                                                          • Part of subcall function 6CD2FF00: PySequence_Check.PYTHON27(?), ref: 6CD2FF18
                                                                                          • Part of subcall function 6CD2FF00: PySeqIter_New.PYTHON27(?), ref: 6CD2FF25
                                                                                        • PyString_FromString.PYTHON27(writerows() argument must be iterable), ref: 6CCA70A7
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,writerows() argument must be iterable), ref: 6CCA70B0
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA7134
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA7140
                                                                                        Strings
                                                                                        • writerows() argument must be iterable, xrefs: 6CCA70A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_$CheckClearExceptionFromGivenIterIter_MatchesObjectObject_Sequence_StringString_
                                                                                        • String ID: writerows() argument must be iterable
                                                                                        • API String ID: 2549401372-413612228
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(lo must be non-negative), ref: 6CCA101C
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,lo must be non-negative), ref: 6CCA1025
                                                                                        • PySequence_Size.PYTHON27(?), ref: 6CCA1056
                                                                                        • PySequence_GetItem.PYTHON27(?,?), ref: 6CCA107C
                                                                                        • PyObject_RichCompare.PYTHON27(?,00000000,00000000), ref: 6CCA1091
                                                                                        Strings
                                                                                        • lo must be non-negative, xrefs: 6CCA1017
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Sequence_$CompareErr_FromItemObjectObject_RichSizeStringString_
                                                                                        • String ID: lo must be non-negative
                                                                                        • API String ID: 3897809422-626569241
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000002C), ref: 6CCA6997
                                                                                          • Part of subcall function 6CCA64F0: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA6560
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,6CDEAF8E,00000001,00000002,?,?), ref: 6CCA69E8
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA6A12
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,argument 1 must be an iterator), ref: 6CCA6A2C
                                                                                        • PyObject_GC_Track.PYTHON27(00000000), ref: 6CCA6A65
                                                                                        Strings
                                                                                        • argument 1 must be an iterator, xrefs: 6CCA6A26
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Object_$Err_String$Arg_ErrorFatalFromIterMallocObjectString_TrackTupleUnpack
                                                                                        • String ID: argument 1 must be an iterator
                                                                                        • API String ID: 2368614604-554921073
                                                                                        APIs
                                                                                        • PyClass_IsSubclass.PYTHON27(?,04000000,?,?,?,?,?,6CD2F9FC,?,?,?,?,?,?,?,6CD2FC7B), ref: 6CD3A987
                                                                                        Strings
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD3A9C1
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD3A9C6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Class_Subclass
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c
                                                                                        • API String ID: 388245403-1285866127
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E0D1
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2E0FF
                                                                                          • Part of subcall function 6CD2DF00: PyObject_GetAttrString.PYTHON27(?,__getitem__), ref: 6CD2DF1A
                                                                                        • PyInt_FromSsize_t.PYTHON27(?), ref: 6CD2E10F
                                                                                          • Part of subcall function 6CD570D0: PyInt_FromLong.PYTHON27(6CD2E114,?,6CD2E114,?), ref: 6CD570E2
                                                                                          • Part of subcall function 6CD2C430: PyType_IsSubtype.PYTHON27(00000000,?,?,?,?,?,?,6CD2CA14,?,?,00000040), ref: 6CD2C48B
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object can't be repeated,?), ref: 6CD2E16E
                                                                                        Strings
                                                                                        • '%.200s' object can't be repeated, xrefs: 6CD2E168
                                                                                        • null argument to internal routine, xrefs: 6CD2E0CB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromInt_String$AttrCheckFormatLongObject_Sequence_Ssize_tSubtypeType_
                                                                                        • String ID: '%.200s' object can't be repeated$null argument to internal routine
                                                                                        • API String ID: 2764935240-1106208759
                                                                                        • Opcode ID: 83313f80b44fd66d18bd6dcc221d740104e5780b9b3fd29384da6cacf5a459c8
                                                                                        • Instruction ID: 79f6335319422206e58fdb192bf286869850139b69926b61b4b1dd82524f44e8
                                                                                        • Opcode Fuzzy Hash: 83313f80b44fd66d18bd6dcc221d740104e5780b9b3fd29384da6cacf5a459c8
                                                                                        • Instruction Fuzzy Hash: AE21D6B6B001019BD710CB75ECC0D97B3A8EB8022D7248225EA1C8BB61D63AE956C7E0
                                                                                        APIs
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2E1D0
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2E1DD
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object can't be concatenated,?), ref: 6CD2E220
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E245
                                                                                        Strings
                                                                                        • '%.200s' object can't be concatenated, xrefs: 6CD2E21A
                                                                                        • null argument to internal routine, xrefs: 6CD2E23F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckErr_Sequence_$FormatString
                                                                                        • String ID: '%.200s' object can't be concatenated$null argument to internal routine
                                                                                        • API String ID: 3037318651-586038359
                                                                                        • Opcode ID: 1b9d89add6326b22b34dde881756e96b05f592681a16f3aecd5d0d38d6552f07
                                                                                        • Instruction ID: 5b897e8cd6ff0f4c24ab9afa8de9c4fce162d068800c49b4fe8135fd6cf733aa
                                                                                        • Opcode Fuzzy Hash: 1b9d89add6326b22b34dde881756e96b05f592681a16f3aecd5d0d38d6552f07
                                                                                        • Instruction Fuzzy Hash: A721F8767011009BD70597B5FC00F9733A99F8166EF244129EE1D87FA1D729E505C6E1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:unicode_internal_encode,?,?), ref: 6CCA27CE
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,?), ref: 6CCA27FA
                                                                                        Strings
                                                                                        • O|z:unicode_internal_encode, xrefs: 6CCA27C1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_FromParseStringString_Tuple_
                                                                                        • String ID: O|z:unicode_internal_encode
                                                                                        • API String ID: 2714287502-4208230126
                                                                                        • Opcode ID: 7c10507fe59f00d6022898ef0d79be58337ce50832986f76e2496fcdc98263a4
                                                                                        • Instruction ID: c8b62ffd23b3a5e29d0fad2078578bff686d7e742c22cdd8948418b43aa380fc
                                                                                        • Opcode Fuzzy Hash: 7c10507fe59f00d6022898ef0d79be58337ce50832986f76e2496fcdc98263a4
                                                                                        • Instruction Fuzzy Hash: 7B21B377E0011A6BD710DBD9AC45DEA73BCDB84229F084299EC1D97B10F631DA1A87E1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a single-segment buffer object), ref: 6CD2B626
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,expected a string or other character buffer object), ref: 6CD2B665
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2B68D
                                                                                        Strings
                                                                                        • expected a string or other character buffer object, xrefs: 6CD2B65F
                                                                                        • null argument to internal routine, xrefs: 6CD2B687
                                                                                        • expected a single-segment buffer object, xrefs: 6CD2B620
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: expected a single-segment buffer object$expected a string or other character buffer object$null argument to internal routine
                                                                                        • API String ID: 1450464846-3572025370
                                                                                        • Opcode ID: a4d7e86a38b37b732b68767964419a67298202631d2fef7b1fea5f5e1416fc40
                                                                                        • Instruction ID: a9037ada316fa04fa9cb7976b5a5fca98c0ea8c9f66a4c378f3e3a586d149d96
                                                                                        • Opcode Fuzzy Hash: a4d7e86a38b37b732b68767964419a67298202631d2fef7b1fea5f5e1416fc40
                                                                                        • Instruction Fuzzy Hash: 1A219236600205ABDB00CFA8EC80F9573B8EB8563DF208615EA3D8BAD1D779E555CB50
                                                                                        APIs
                                                                                        • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON27(?,?,O:Struct,6CF08D90,?), ref: 6CCBA451
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_Keywords_ParseSizeTuple
                                                                                        • String ID: O:Struct$Struct() argument 1 must be string, not %s$ascii
                                                                                        • API String ID: 2595951286-3821461947
                                                                                        • Opcode ID: c75911609af2a803b66bc4168e41c6ae456f86cc8db0986b5311d67ca8dcaf64
                                                                                        • Instruction ID: 67983f000ed445f9c32518566d99a990ed6a70a87f278e7310bf02631bb34e90
                                                                                        • Opcode Fuzzy Hash: c75911609af2a803b66bc4168e41c6ae456f86cc8db0986b5311d67ca8dcaf64
                                                                                        • Instruction Fuzzy Hash: 9A21FB75901205ABD700CF95E940A66B3B8AF85338F144788EC6D57F90F731ED01CAA1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,?,6CD2D72E,?,?,?,?,6CD2B2E8,6CD2EF3A,6CEE5B38), ref: 6CD2D673
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,__index__ returned non-(int,long) (type %.200s),?), ref: 6CD2D6CF
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object cannot be interpreted as an index,?,?,?,?,6CD2D72E,?,?,?,?,6CD2B2E8,6CD2EF3A,6CEE5B38), ref: 6CD2D6FE
                                                                                        Strings
                                                                                        • '%.200s' object cannot be interpreted as an index, xrefs: 6CD2D6F8
                                                                                        • __index__ returned non-(int,long) (type %.200s), xrefs: 6CD2D6C9
                                                                                        • null argument to internal routine, xrefs: 6CD2D66D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$Format$String
                                                                                        • String ID: '%.200s' object cannot be interpreted as an index$__index__ returned non-(int,long) (type %.200s)$null argument to internal routine
                                                                                        • API String ID: 1780620971-172259376
                                                                                        • Opcode ID: 79e9d2207dfbc026eb1d5bb273f19dcf7b8f4123576408f54179026ab8afbe3f
                                                                                        • Instruction ID: d78f86e3ed4cb3021486de163e8e5073b110f38669362db7d3857ab68ec7e9cd
                                                                                        • Opcode Fuzzy Hash: 79e9d2207dfbc026eb1d5bb273f19dcf7b8f4123576408f54179026ab8afbe3f
                                                                                        • Instruction Fuzzy Hash: 1821367AB002148FD704DBA4E940E9AB3B8EF8476DB244629EA1DC7B61D739E845C7C0
                                                                                        APIs
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2E024
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2E031
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object can't be concatenated,?), ref: 6CD2E074
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E099
                                                                                        Strings
                                                                                        • '%.200s' object can't be concatenated, xrefs: 6CD2E06E
                                                                                        • null argument to internal routine, xrefs: 6CD2E093
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckErr_Sequence_$FormatString
                                                                                        • String ID: '%.200s' object can't be concatenated$null argument to internal routine
                                                                                        • API String ID: 3037318651-586038359
                                                                                        • Opcode ID: 012287178e50c48920a595930d7e88ef67319bf6a2b67442be5aa965d1a72139
                                                                                        • Instruction ID: eaa2e71f1093b73b38ae7968fa80531ccb2ba19daa42b7ed0b968a98b3546046
                                                                                        • Opcode Fuzzy Hash: 012287178e50c48920a595930d7e88ef67319bf6a2b67442be5aa965d1a72139
                                                                                        • Instruction Fuzzy Hash: CA11E176B001009BD710CB75ED40E9A73A89B8566EB254124EE1C87F61E72AF90286F1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,tuple assignment index out of range,00000000), ref: 6CD77FB2
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,0000008E,00000000), ref: 6CD77FEF
                                                                                        Strings
                                                                                        • tuple assignment index out of range, xrefs: 6CD77FAC
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD77FE4
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD77FE9
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD77FA7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$tuple assignment index out of range
                                                                                        • API String ID: 4212644371-3288406497
                                                                                        • Opcode ID: 1bc8dfbe8a10e686498613d5c5b55ef0c4c40eec6a51be065b9dd5ad37d8c79a
                                                                                        • Instruction ID: 3f44a641979787d2312a039ab238fbc11767ec167fa1ab7571ef612e97076dfc
                                                                                        • Opcode Fuzzy Hash: 1bc8dfbe8a10e686498613d5c5b55ef0c4c40eec6a51be065b9dd5ad37d8c79a
                                                                                        • Instruction Fuzzy Hash: A421B671A002019FDB15DFA8DD40D95B3E8EF45338B268B95F8288BBD1D631EC52C7A1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000000CE), ref: 6CD595F2
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,list assignment index out of range), ref: 6CD59659
                                                                                        Strings
                                                                                        • list assignment index out of range, xrefs: 6CD59653
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD595EC
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD5964D
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD595E7
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$list assignment index out of range
                                                                                        • API String ID: 4212644371-3071266982
                                                                                        • Opcode ID: 70e9a6d06c356a34005020cad078953a90def641f3bf69dd4afcfdd0e9afa22b
                                                                                        • Instruction ID: 31dbcaeaca4c123142ead65a8170a4404eee0754bcbb08d82d7cc01c37a0f402
                                                                                        • Opcode Fuzzy Hash: 70e9a6d06c356a34005020cad078953a90def641f3bf69dd4afcfdd0e9afa22b
                                                                                        • Instruction Fuzzy Hash: 59219FB4A002059FDB04CFA8DC8195533B4AF05338B644798E8388BBE1DA32E927CB90
                                                                                        APIs
                                                                                        • PyDict_New.PYTHON27 ref: 6CD68006
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD68018
                                                                                        • PyString_FromString.PYTHON27(Py_Repr), ref: 6CD68031
                                                                                        • PyDict_GetItem.PYTHON27(00000000,00000000), ref: 6CD68041
                                                                                        • PyList_SetSlice.PYTHON27(00000000,?,?,00000000), ref: 6CD68098
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Dict_FromStringString_$ClearErr_ItemList_Slice
                                                                                        • String ID: Py_Repr
                                                                                        • API String ID: 1400406548-2533070302
                                                                                        • Opcode ID: 22e65f2e7da3c823adb1c3ab39d37d3a284d69ca65d2cefb67299b688394ea09
                                                                                        • Instruction ID: 9683e275dfaa06c6b8ea2af76fb32fead24ff35e477262ffb5b692158be56ee4
                                                                                        • Opcode Fuzzy Hash: 22e65f2e7da3c823adb1c3ab39d37d3a284d69ca65d2cefb67299b688394ea09
                                                                                        • Instruction Fuzzy Hash: 1D11E431601502CBDB148F56CC40BA6B369FFC262CF144669D9688BEA1E732E44AC7E1
                                                                                        APIs
                                                                                        • PyObject_GetBuffer.PYTHON27(?,?,0000011C), ref: 6CD63452
                                                                                        • PyMemoryView_FromBuffer.PYTHON27(?), ref: 6CD63463
                                                                                          • Part of subcall function 6CD63390: _PyObject_GC_Malloc.PYTHON27(00000040), ref: 6CD633A0
                                                                                          • Part of subcall function 6CD63390: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD633DF
                                                                                        • PyBuffer_Release.PYTHON27(?), ref: 6CD63474
                                                                                        • PyString_FromString.PYTHON27(cannot make memory view because object does not have the buffer interface), ref: 6CD6349A
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,cannot make memory view because object does not have the buffer interface), ref: 6CD634A3
                                                                                        Strings
                                                                                        • cannot make memory view because object does not have the buffer interface, xrefs: 6CD63495
                                                                                        Similarity
                                                                                        • API ID: BufferFromObject_$Buffer_Err_ErrorFatalMallocMemoryObjectReleaseStringString_View_
                                                                                        • String ID: cannot make memory view because object does not have the buffer interface
                                                                                        • API String ID: 795727773-947840849
                                                                                        • Opcode ID: 4fd6994dcf729d047a56a78e952d9c3abb81bc49a23ca95c8925936bda13bf65
                                                                                        • Instruction ID: 64b772ef9f2bba329588d92202b954d1388329709256b5205d84b6692d621edb
                                                                                        • Opcode Fuzzy Hash: 4fd6994dcf729d047a56a78e952d9c3abb81bc49a23ca95c8925936bda13bf65
                                                                                        • Instruction Fuzzy Hash: CB11C8769012009BD301DB65BC01AEBB3E8DB4523CF04066DED1887EA1F775E919C6E2
                                                                                        APIs
                                                                                        • PySequence_Check.PYTHON27(?), ref: 6CD2FF18
                                                                                        • PySeqIter_New.PYTHON27(?), ref: 6CD2FF25
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object is not iterable,?), ref: 6CD2FF43
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,iter() returned non-iterator of type '%.100s',?), ref: 6CD2FF84
                                                                                        Strings
                                                                                        • iter() returned non-iterator of type '%.100s', xrefs: 6CD2FF7E
                                                                                        • '%.200s' object is not iterable, xrefs: 6CD2FF3D
                                                                                        Similarity
                                                                                        • API ID: Err_Format$CheckIter_Sequence_
                                                                                        • String ID: '%.200s' object is not iterable$iter() returned non-iterator of type '%.100s'
                                                                                        • API String ID: 1856588606-3403259511
                                                                                        • Opcode ID: ec066dff14be8a7045885d52623456efbb86a2dc0814b9fd3c6c3b8afbb17e14
                                                                                        • Instruction ID: fa3dc901bad26ed9d8a012924687d88306440bdb5e926af131570a2f921090da
                                                                                        • Opcode Fuzzy Hash: ec066dff14be8a7045885d52623456efbb86a2dc0814b9fd3c6c3b8afbb17e14
                                                                                        • Instruction Fuzzy Hash: 7E112B72B116209BC320D764AC40E5AB3E89F0667C7144A64EE69C7FB1D738F909C7D1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BDE1
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BDF3
                                                                                        • _PyErr_BadInternalCall.PYTHON27(..\Objects\setobject.c,00000904), ref: 6CD6BE09
                                                                                          • Part of subcall function 6CDC0890: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,?,6CD6BD4E,?,6CD6BD4E,..\Objects\setobject.c,000008F0), ref: 6CDC08AA
                                                                                        • PyObject_Hash.PYTHON27(?), ref: 6CD6BE2D
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_SubtypeType_$CallFormatHashInternalObject_
                                                                                        • String ID: ..\Objects\setobject.c$hl
                                                                                        • API String ID: 66917421-2536540331
                                                                                        • Opcode ID: 2408396739152945c0ef7da72e0d5fcfa9503a0b52abd3cbf970db92261adbcd
                                                                                        • Instruction ID: ee9e7d0d2045cecb9e5af1505cbde501c73a06e6a64e259916830d88d8472c29
                                                                                        • Opcode Fuzzy Hash: 2408396739152945c0ef7da72e0d5fcfa9503a0b52abd3cbf970db92261adbcd
                                                                                        • Instruction Fuzzy Hash: 7F11EC32641110BBCA10576BAC4169A73685F1127DF355225F92CD7EE3E325F852D1F2
                                                                                        APIs
                                                                                        • _Py_CheckRecursiveCall.PYTHON27( while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F0A5
                                                                                          • Part of subcall function 6CDAE7C0: PyOS_CheckStack.PYTHON27(?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7CA
                                                                                          • Part of subcall function 6CDAE7C0: PyErr_SetString.PYTHON27(6CEE67A8,Stack overflow,?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7E1
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,NULL result without error in PyObject_Call,?,00000000,00000000), ref: 6CD2F0E4
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object is not callable,?,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F102
                                                                                        Strings
                                                                                        • while calling a Python object, xrefs: 6CD2F0A0
                                                                                        • NULL result without error in PyObject_Call, xrefs: 6CD2F0DE
                                                                                        • '%.200s' object is not callable, xrefs: 6CD2F0FC
                                                                                        Similarity
                                                                                        • API ID: Err_$CheckString$CallFormatRecursiveStack
                                                                                        • String ID: while calling a Python object$'%.200s' object is not callable$NULL result without error in PyObject_Call
                                                                                        • API String ID: 3585756785-4047954617
                                                                                        • Opcode ID: 440867bf7859549d7b80ba263e6f4f84e7cdaeef6515629d5cdd105c11f55cba
                                                                                        • Instruction ID: c71c320fc273904dfa44d302754fd690a5755343f4ee597e91bbb6d1590447f6
                                                                                        • Opcode Fuzzy Hash: 440867bf7859549d7b80ba263e6f4f84e7cdaeef6515629d5cdd105c11f55cba
                                                                                        • Instruction Fuzzy Hash: 4C118275B10120DFCB15DB99E980E6AB3B8EB49778314C526EE18C7711D736E911CBD0
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,field_size_limit,00000000,00000001,?), ref: 6CCA7593
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,limit must be an integer), ref: 6CCA75BD
                                                                                        • PyInt_AsLong.PYTHON27(00000000), ref: 6CCA75CD
                                                                                        • PyInt_FromLong.PYTHON27(00020000), ref: 6CCA75EC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromInt_Long$Arg_FormatObjectStringString_TupleUnpack
                                                                                        • String ID: field_size_limit$limit must be an integer
                                                                                        • API String ID: 967242494-1264440769
                                                                                        • Opcode ID: 9a73e517bed0fdd371185642253cd133b5d584d33d9a57d9dcab66230d342b4b
                                                                                        • Instruction ID: 50db88f1e03acbdc8d18d6dda662802a98ee32db928d4106855fa63910876c4a
                                                                                        • Opcode Fuzzy Hash: 9a73e517bed0fdd371185642253cd133b5d584d33d9a57d9dcab66230d342b4b
                                                                                        • Instruction Fuzzy Hash: 7B01FCB1F141056BEB00DBA4EC45F9673BCAB0532CF244159F918C7681F731EA1997A5
                                                                                        APIs
                                                                                        • Py_InitModule4.PYTHON27(_functools,6CF0E454,Tools that operate on functions.,00000000,000003F5), ref: 6CCA80DB
                                                                                        • PyType_Ready.PYTHON27(6CF0E390), ref: 6CCA80F1
                                                                                        • strchr.MSVCR90 ref: 6CCA8103
                                                                                        • PyModule_AddObject.PYTHON27(00000000,00000001,6CF0E391), ref: 6CCA810F
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type_$Err_InitModule4Module_ObjectReadyStringSubtypestrchr
                                                                                        • String ID: Tools that operate on functions.$_functools
                                                                                        • API String ID: 2866601250-1707497487
                                                                                        • Opcode ID: fa99e4ac5257ff1297dbb99ed346b7d88f4c2dcdd89bdcece99d2ac2d890164b
                                                                                        • Instruction ID: 01350d15f62dede2f2c63205abe545745dcc57b48cf345c0733460e6afbc5817
                                                                                        • Opcode Fuzzy Hash: fa99e4ac5257ff1297dbb99ed346b7d88f4c2dcdd89bdcece99d2ac2d890164b
                                                                                        • Instruction Fuzzy Hash: CCF02276F4025437DA306A999D49EAB7A6CCB84718F000466EE49A7A02E7319D1687F2
                                                                                        APIs
                                                                                        • FormatMessageA.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000), ref: 00401024
                                                                                        • strncpy.MSVCR90 ref: 00401038
                                                                                        • LocalFree.KERNEL32(?), ref: 00401046
                                                                                        • lstrlenA.KERNEL32(00000000), ref: 00401058
                                                                                        • _snprintf.MSVCR90 ref: 00401073
                                                                                        • GetFocus.USER32 ref: 00401085
                                                                                        • MessageBoxA.USER32(00000000), ref: 0040108C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$FocusFormatFreeLocal_snprintflstrlenstrncpy
                                                                                        • String ID:
                                                                                        • API String ID: 2324749726-0
                                                                                        • Opcode ID: 5c360f393e6a0c1135d57203a577ae5badcfff9240942876dcb77ff3ee984539
                                                                                        • Instruction ID: d54df7ba943514a9ed245f917b7b029d9917e2ae8cd7c94c82d9e9a5e8dc25a3
                                                                                        • Opcode Fuzzy Hash: 5c360f393e6a0c1135d57203a577ae5badcfff9240942876dcb77ff3ee984539
                                                                                        • Instruction Fuzzy Hash: A20140F5514300BFE314ABA4DD4DF9B77A8ABC4704F00C828B789B61D1DA78D459C76A
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__dict__,6CEE9E88,?,6CD67768,?,?,?,?,?,?,?,?,6CD677F7), ref: 6CD6753A
                                                                                        • PyDict_Keys.PYTHON27(00000000), ref: 6CD67555
                                                                                        • PyModule_GetName.PYTHON27(?), ref: 6CD67562
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s.__dict__ is not a dictionary,00000000), ref: 6CD6757B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttrDict_Err_FormatKeysModule_NameObject_String
                                                                                        • String ID: %.200s.__dict__ is not a dictionary$__dict__
                                                                                        • API String ID: 1862186721-2745307267
                                                                                        • Opcode ID: 7c9d58393dfaf59c1358f3d4497e65f6198c4c84d5b28c0377fb25f7ca08285f
                                                                                        • Instruction ID: 683174a02d6854cdc39737b425b87d9dc577d7baba9379999f62b7df241559a9
                                                                                        • Opcode Fuzzy Hash: 7c9d58393dfaf59c1358f3d4497e65f6198c4c84d5b28c0377fb25f7ca08285f
                                                                                        • Instruction Fuzzy Hash: 7DF02BB1E015117BE7109B71AC80A9B33A85F14328F110668EC2586F61E719ED5DC6E1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,0000007D,?,6CD3A9F5,?,00000000,?,?,?,?,?,?,6CD2F9FC,?), ref: 6CD77EF8
                                                                                        Strings
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD77EED
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD77EF2
                                                                                        • tuple index out of range, xrefs: 6CD77F20
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CD77F1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c$8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$tuple index out of range
                                                                                        • API String ID: 376477240-1420414903
                                                                                        • Opcode ID: 16ba5aa8d68c2dec53e4a780f31943d90fc6a4ef59f3b001b53b4e92a171ce65
                                                                                        • Instruction ID: b6a7064176ac58a752a752382e6e267fd7858a1a8f26496412b8b0afccb71ad3
                                                                                        • Opcode Fuzzy Hash: 16ba5aa8d68c2dec53e4a780f31943d90fc6a4ef59f3b001b53b4e92a171ce65
                                                                                        • Instruction Fuzzy Hash: C3F090397041086FD621DFA8DD42E15B3B8DB45258F548A89FC1CCBB51E633E452D7A1
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_func$getenv
                                                                                        • String ID: <stdin>$<stdin>$PYTHONINSPECT
                                                                                        • API String ID: 952159037-3944695568
                                                                                        • Opcode ID: 70635a653a20398afb8323c1779619fc8e2f8c30ff46a45be12a8d071d852709
                                                                                        • Instruction ID: 8cca01e1b034a1b8fc333b74f5ab705df7888345169281b2be04b1cf812c368c
                                                                                        • Opcode Fuzzy Hash: 70635a653a20398afb8323c1779619fc8e2f8c30ff46a45be12a8d071d852709
                                                                                        • Instruction Fuzzy Hash: 61E0C270E417119BDA0057F86F0DA1B3A2CDD05352B080077EC09F21E0DA78D864CEBE
                                                                                        APIs
                                                                                        • PyType_Ready.PYTHON27(6CF0AAA0), ref: 6CCB1E85
                                                                                        • Py_InitModule4.PYTHON27(_random,00000000,Module implements the Mersenne Twister random number generator.,00000000,000003F5), ref: 6CCB1EA4
                                                                                        • PyModule_AddObject.PYTHON27(00000000,Random,6CF0AAA0), ref: 6CCB1EC1
                                                                                          • Part of subcall function 6CDCEC70: PyType_IsSubtype.PYTHON27(?,?,?,?,6CCA57F9,00000000,deque,6CF0FF60), ref: 6CDCEC87
                                                                                          • Part of subcall function 6CDCEC70: PyErr_SetString.PYTHON27(6CEE48B0,PyModule_AddObject() needs module as first arg,deque,6CF0FF60), ref: 6CDCEC9E
                                                                                        Strings
                                                                                        • Module implements the Mersenne Twister random number generator., xrefs: 6CCB1E98
                                                                                        • _random, xrefs: 6CCB1E9F
                                                                                        • Random, xrefs: 6CCB1EBB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type_$Err_InitModule4Module_ObjectReadyStringSubtype
                                                                                        • String ID: Module implements the Mersenne Twister random number generator.$Random$_random
                                                                                        • API String ID: 2860454020-3154293513
                                                                                        • Opcode ID: d98cfa22a56d23bcefa45843260d308812685ff4738da8eb4ba918a3fd1385bd
                                                                                        • Instruction ID: 22e626b2fd43cf76d9fb08df84a1b00b7321232999c6dd231c932547d4c38a92
                                                                                        • Opcode Fuzzy Hash: d98cfa22a56d23bcefa45843260d308812685ff4738da8eb4ba918a3fd1385bd
                                                                                        • Instruction Fuzzy Hash: 38D017E5F8120172F55012A46E1BF6230DC5720A0CFB42860B90AA1EE6FB26D1198176
                                                                                        APIs
                                                                                        • IsBadReadPtr.KERNEL32(?,00000014), ref: 004023CB
                                                                                          • Part of subcall function 00401EA0: _stricmp.MSVCR90(004018FF,?,00000000,00000001,?,004023F3,004018FF,?,00402680,00000000), ref: 00401EBC
                                                                                          • Part of subcall function 00401EA0: free.MSVCR90 ref: 00401EF0
                                                                                        • realloc.MSVCR90 ref: 00402410
                                                                                        • GetProcAddress.KERNEL32(00000000,00000002), ref: 0040249D
                                                                                        • IsBadReadPtr.KERNEL32(?,00000014), ref: 004024BC
                                                                                        • SetLastError.KERNEL32(0000007F), ref: 004024E1
                                                                                        • SetLastError.KERNEL32(00000008), ref: 004024F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastRead$AddressProc_stricmpfreerealloc
                                                                                        • String ID:
                                                                                        • API String ID: 3829280425-0
                                                                                        • Opcode ID: c1f4c7903eaecf4131432c3de378eb7ae882ce9fef0bb03a0e17263d17549ce1
                                                                                        • Instruction ID: e06c3e0f55c1ce49f3d5eeedbd59607cc003002fbce32c9cbadbe966566b4b56
                                                                                        • Opcode Fuzzy Hash: c1f4c7903eaecf4131432c3de378eb7ae882ce9fef0bb03a0e17263d17549ce1
                                                                                        • Instruction Fuzzy Hash: 4941C6723012059BD7149F14ED88B6BB364FB80365F14417BF906E73D1E7B8E8158A59
                                                                                        APIs
                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,6CD8B64C,?,?,?,00000000), ref: 6CD8B598
                                                                                        • PyErr_SetExcFromWindowsErrWithFilenameObject.PYTHON27(6CEE50B8,00000000,00000000), ref: 6CD8B5AF
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,00000000,?,?,?,6CD8B64C,?,?,?,00000000,?,6CCA3246,?,?,00000000), ref: 6CD8B5C9
                                                                                        • PyString_Size.PYTHON27(?,?,?,?,6CD8B64C,?,?,?,00000000,?,6CCA3246,?,?,00000000), ref: 6CD8B5E2
                                                                                        • _PyString_Resize.PYTHON27(?,?,?,?,?,?,6CD8B64C,?,?,?,00000000,?,6CCA3246,?,?,00000000), ref: 6CD8B5F1
                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6CD8B619
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$ByteCharFromMultiSizeWide$Err_FilenameObjectResizeStringWindowsWith
                                                                                        • String ID:
                                                                                        • API String ID: 3319194404-0
                                                                                        • Opcode ID: 0123c8d3ead82ce277da77d2a26b9a48673b8f0f92fcb9808ab6e62a2dc90284
                                                                                        • Instruction ID: b7452f53894ba70138a1a515947a151ac6fe07766a152361ae2f5ce01e1aaa9a
                                                                                        • Opcode Fuzzy Hash: 0123c8d3ead82ce277da77d2a26b9a48673b8f0f92fcb9808ab6e62a2dc90284
                                                                                        • Instruction Fuzzy Hash: DD117F71601209BBE7108BA9AC81F97376CEF857ACF144655F918CABD0E770D9408BA0
                                                                                        APIs
                                                                                          • Part of subcall function 6CCA9030: fgetc.MSVCR90 ref: 6CCA9047
                                                                                        • malloc.MSVCR90 ref: 6CCA90B0
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCA90BF
                                                                                          • Part of subcall function 6CDC0380: PyErr_GivenExceptionMatches.PYTHON27(00000000,6CEE67A8,?,6CD77E82,00000000,6CD2B1D5,?,?,?,6CD2F66F,00000000,?,00000000,6CD2F785,00000000), ref: 6CDC0396
                                                                                          • Part of subcall function 6CDC0380: PyErr_SetObject.PYTHON27(6CEE67A8,?), ref: 6CDC03B3
                                                                                        • fgetc.MSVCR90 ref: 6CCA90E7
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CCA90FF
                                                                                        • free.MSVCR90 ref: 6CCA910C
                                                                                        • free.MSVCR90 ref: 6CCA9129
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$fgetcfree$ExceptionFromGivenMatchesMemoryObjectSizeStringString_malloc
                                                                                        • String ID:
                                                                                        • API String ID: 2006357968-0
                                                                                        • Opcode ID: 8cc702ad2e7445480a8566f78fbb999e1aa10452f2285ba477ea70409fcf14df
                                                                                        • Instruction ID: 3f466c9cc7aca085d1a2d509d4e7c43ffb93f310bacc25c5b78527a3c8986e9e
                                                                                        • Opcode Fuzzy Hash: 8cc702ad2e7445480a8566f78fbb999e1aa10452f2285ba477ea70409fcf14df
                                                                                        • Instruction Fuzzy Hash: 4311297260010AA7CB00DBADDCC599BB7BCEF49378B140366ED1DC7340E732A95687A1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,6CDEBCB4,?,?), ref: 6CCB5C27
                                                                                        • tolower.MSVCR90 ref: 6CCB5C49
                                                                                        • _Py_BuildValue_SizeT.PYTHON27(6CE8FB10,00000000), ref: 6CCB5C58
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_BuildParseTuple_Value_tolower
                                                                                        • String ID:
                                                                                        • API String ID: 2724438417-0
                                                                                        • Opcode ID: a17a2c909ec943ca2fd40e426035a8e84b56561938e49c360b54e149957dd7d2
                                                                                        • Instruction ID: c920c61486c9e53bcf645e86e0eff338d2b8d417246ad253d8f1ad1687544ac5
                                                                                        • Opcode Fuzzy Hash: a17a2c909ec943ca2fd40e426035a8e84b56561938e49c360b54e149957dd7d2
                                                                                        • Instruction Fuzzy Hash: 1401D8B1E051086EDA0097E0ACD29FE373DAB0560DF140AA1EC0DE7E01FA35AA5842F2
                                                                                        APIs
                                                                                        • PyList_New.PYTHON27(?), ref: 6CD45CB7
                                                                                          • Part of subcall function 6CD593A0: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,0000007E,?,?,?,?,?,6CD45BB1,?,?,?,?,6CD467DF,?), ref: 6CD593C3
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000000F), ref: 6CD45D16
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD45D5A
                                                                                        • PyList_New.PYTHON27(?), ref: 6CD45DC3
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD45D55
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_$Err_ErrorFatalFormatMallocObject_
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 2451881301-3349536495
                                                                                        • Opcode ID: 8a380886578cc38a2161487c972fc30ebcf415f7fb59ef2a43ce087efedde18d
                                                                                        • Instruction ID: ceea6034b8398c03b81872240a985beafa4d5ceba3ed92d130592a4c02ce30cb
                                                                                        • Opcode Fuzzy Hash: 8a380886578cc38a2161487c972fc30ebcf415f7fb59ef2a43ce087efedde18d
                                                                                        • Instruction Fuzzy Hash: 0E51AEB6A04702CFDB00CF28D481906B7B0FF85324B25C769D9698BB61E731E856CBD1
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,OO&|zi:scanstring,?,Function_0000ADC0,?,?,?), ref: 6CCAC0C9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_ParseTuple
                                                                                        • String ID: OO&|zi:scanstring$first argument must be a string, not %.80s$utf-8
                                                                                        • API String ID: 3371842430-3658668036
                                                                                        • Opcode ID: 03ecc069efda061e6d40ec7e71b982dff61d547b6e0e61c28ee6e4e181734604
                                                                                        • Instruction ID: 287e0672c017fab48cfb49b515ace1da71ec3488cfa698b621a6348dff57b7e8
                                                                                        • Opcode Fuzzy Hash: 03ecc069efda061e6d40ec7e71b982dff61d547b6e0e61c28ee6e4e181734604
                                                                                        • Instruction Fuzzy Hash: 913181B6D0010DAFDB00DFD8DC85EEAB3B8EF49318F144688E90897641E731AA15CBA1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E631
                                                                                        • _PySlice_FromIndices.PYTHON27(?,?), ref: 6CD2E6AD
                                                                                          • Part of subcall function 6CD6C210: PyInt_FromLong.PYTHON27(?,?,?,6CD2E47D,?,?), ref: 6CD6C223
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object doesn't support slice assignment,?), ref: 6CD2E6F2
                                                                                        Strings
                                                                                        • '%.200s' object doesn't support slice assignment, xrefs: 6CD2E6EC
                                                                                        • null argument to internal routine, xrefs: 6CD2E62B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_From$FormatIndicesInt_LongSlice_String
                                                                                        • String ID: '%.200s' object doesn't support slice assignment$null argument to internal routine
                                                                                        • API String ID: 4144052031-3688816455
                                                                                        • Opcode ID: f0171cd7cfe6db595309215452b3c6cde05c08a17a69acfbac4fde556dba8fd8
                                                                                        • Instruction ID: 3cc30696a2690cfe1c9a7d5e4dc566e5061daf3b845bcc8491b4576b1a106c15
                                                                                        • Opcode Fuzzy Hash: f0171cd7cfe6db595309215452b3c6cde05c08a17a69acfbac4fde556dba8fd8
                                                                                        • Instruction Fuzzy Hash: 0D3194766016019BDB00CF65DC80E9673B9EB8433AB154A19EA2947F60D739EC55CBE0
                                                                                        APIs
                                                                                        • PyInt_FromLong.PYTHON27 ref: 6CCAB59D
                                                                                        • _PyLong_FromByteArray.PYTHON27(?,00000004,00000001,00000001), ref: 6CCAB5B6
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000002), ref: 6CCAB606
                                                                                          • Part of subcall function 6CCDBAA0: _PyObject_GC_Malloc.PYTHON27(?), ref: 6CCDBABC
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCAB62A
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCAB625
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FromObject_$ArrayByteErrorFatalInt_LongLong_Malloc
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 85452904-3349536495
                                                                                        • Opcode ID: 351d3258bd72a2be5236a52e73d9baa3f5ca3f0037f21a61f8a83d68b3babbf5
                                                                                        • Instruction ID: 54b1f64373ac5dda9c49eab21154152a2371b206cd4e6327fb81c32a4c3cc32f
                                                                                        • Opcode Fuzzy Hash: 351d3258bd72a2be5236a52e73d9baa3f5ca3f0037f21a61f8a83d68b3babbf5
                                                                                        • Instruction Fuzzy Hash: 8A31EFB1A006069FC710CFA9D895A96B3B0FB85734F204769D92987B90E731E856CBD1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F217
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000000), ref: 6CD2F275
                                                                                          • Part of subcall function 6CD2F110: Py_FatalError.PYTHON27(GC object already tracked,6CD2F2E2), ref: 6CD2F17B
                                                                                          • Part of subcall function 6CD2F110: PyObject_Call.PYTHON27(6CD2F2E2,00000001,00000000), ref: 6CD2F1B2
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD2F2AA
                                                                                        • null argument to internal routine, xrefs: 6CD2F211
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object_$CallErr_ErrorFatalString
                                                                                        • String ID: GC object already tracked$null argument to internal routine
                                                                                        • API String ID: 1493430688-2310679869
                                                                                        • Opcode ID: ca475b8762068b7ff2bcd546232233eb8cffc46804b0bd1da2a15edae739f529
                                                                                        • Instruction ID: b93d1f0fa82d15bdb11abca5d7976e7aadf7cb8b518bcbec09eced659624b97e
                                                                                        • Opcode Fuzzy Hash: ca475b8762068b7ff2bcd546232233eb8cffc46804b0bd1da2a15edae739f529
                                                                                        • Instruction Fuzzy Hash: 6221F9B6F002104BC7408F59FC416977378EB8622DF540A7AEE1DC3B51E7359455C6A1
                                                                                        APIs
                                                                                        • PyObject_CheckReadBuffer.PYTHON27(?), ref: 6CD3F1AC
                                                                                          • Part of subcall function 6CD3EF60: Py_FatalError.PYTHON27(non-string found in code slot,?,?,6CD3F1C4), ref: 6CD3EF84
                                                                                          • Part of subcall function 6CD3EF60: PyString_InternInPlace.PYTHON27(?,6CD3F1C4), ref: 6CD3EF8D
                                                                                          • Part of subcall function 6CD3EFA0: PyString_InternInPlace.PYTHON27(?,?,?,?,?,6CD3F1E2,?), ref: 6CD3EFF4
                                                                                        • PyObject_Malloc.PYTHON27(00000048,?), ref: 6CD3F1F1
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\codeobject.c,00000070), ref: 6CD3F289
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD3F283
                                                                                        • ..\Objects\codeobject.c, xrefs: 6CD3F27E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: InternObject_PlaceString_$BufferCheckErr_ErrorFatalFormatMallocRead
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\codeobject.c
                                                                                        • API String ID: 3461592393-2661852415
                                                                                        • Opcode ID: 418056bc0b401349a885e0df7c94cf188648ca4d582b2d33580c9287606a3dfd
                                                                                        • Instruction ID: 19aa485a3bfefee9eeebaa3c92ad7527a4a1e9557dd4e569e475bcff4fbf26ce
                                                                                        • Opcode Fuzzy Hash: 418056bc0b401349a885e0df7c94cf188648ca4d582b2d33580c9287606a3dfd
                                                                                        • Instruction Fuzzy Hash: EE31413C702619CBEF14CF55CE40B577BA4AF45648B21D198B85CCBA72E734EC099B54
                                                                                        APIs
                                                                                        • PyString_InternInPlace.PYTHON27(?,?,?,?,?,6CD3F1E2,?), ref: 6CD3EFF4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: InternPlaceString_
                                                                                        • String ID: hl
                                                                                        • API String ID: 3813175135-3313420889
                                                                                        • Opcode ID: 0a9f81a8620dd208fb6b90ea0fcf353dda8c5cd42f3bd64521add3c5518562ad
                                                                                        • Instruction ID: f23323e6ad563aeb5fc8ae1a594e8736003655fb163964fbb516ae28a1139c84
                                                                                        • Opcode Fuzzy Hash: 0a9f81a8620dd208fb6b90ea0fcf353dda8c5cd42f3bd64521add3c5518562ad
                                                                                        • Instruction Fuzzy Hash: CB31EB729043258BD710CF2D984168BB3E4AF86328F141B65D45C87B60E779ED19C7E3
                                                                                        APIs
                                                                                        • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,|OO:deque,?,?,?), ref: 6CCA4E36
                                                                                        • PyInt_AsSsize_t.PYTHON27(00000000), ref: 6CCA4E51
                                                                                          • Part of subcall function 6CD572B0: PyErr_SetString.PYTHON27(6CEE48B0,an integer is required,?,6CD2D745,00000000,?,00000000), ref: 6CD572C5
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,maxlen must be non-negative), ref: 6CCA4E7B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$Arg_Int_KeywordsParseSsize_tTuple
                                                                                        • String ID: maxlen must be non-negative$|OO:deque
                                                                                        • API String ID: 1725504813-657479167
                                                                                        • Opcode ID: 7cb1f4aa1b2c7da1f1a81fb30381a122355de21f5c90d0b52c9aa110de976bd6
                                                                                        • Instruction ID: aaa0897cc841d3107374dc9f354659459a492bde2f39a641e71fad52c61664e1
                                                                                        • Opcode Fuzzy Hash: 7cb1f4aa1b2c7da1f1a81fb30381a122355de21f5c90d0b52c9aa110de976bd6
                                                                                        • Instruction Fuzzy Hash: 2C21A5B1D0410A6BDB00CFE8DC48B9AB7BC9B44338F144755E82897BC0EB35D95687E1
                                                                                        APIs
                                                                                        • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,OO&:_iterencode,6CF01D14,?,Function_0000ADC0,?), ref: 6CCAE10C
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCAE143
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCAE179
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_ErrorFatalKeywordsMallocObject_ParseTuple
                                                                                        • String ID: GC object already tracked$OO&:_iterencode
                                                                                        • API String ID: 354800078-2266549790
                                                                                        • Opcode ID: 9cf1786d16623657c7bae7b07927c6e975fdf43f0587277202795de2d9fc61e4
                                                                                        • Instruction ID: 7aeec8eb367fa72198b3003e5df7a3cca063c90c201d65a6ba6fdb23f4979fe4
                                                                                        • Opcode Fuzzy Hash: 9cf1786d16623657c7bae7b07927c6e975fdf43f0587277202795de2d9fc61e4
                                                                                        • Instruction Fuzzy Hash: 5F31D4B1A006129FDB10CF98DC45996B7F8EB85324F208A1DE868C7741F771E856CBE1
                                                                                        APIs
                                                                                        • PyList_New.PYTHON27(00000000,?,?,?,__methods__,?,6CD64E9D), ref: 6CD64D89
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD64DB1
                                                                                        • PyList_SetItem.PYTHON27(00000000,00000000,00000000), ref: 6CD64DBC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_$FromItemStringString_
                                                                                        • String ID: __methods__
                                                                                        • API String ID: 672120553-1042264023
                                                                                        • Opcode ID: 01520883c3c816d68bcd6e111dad6f2e24b27b4781c14d89f0ad8847eaf882fe
                                                                                        • Instruction ID: 64020d61d37f051ad90a277bfca8b8744082b8386d08419959dfd9d0190ae34d
                                                                                        • Opcode Fuzzy Hash: 01520883c3c816d68bcd6e111dad6f2e24b27b4781c14d89f0ad8847eaf882fe
                                                                                        • Instruction Fuzzy Hash: CA21F6B2F01200DBE700CF6ADC90A9B73E8EF41628F1442A9DC0587B61EB31DC15CAE0
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,long int too large to convert to int), ref: 6CD5D97A
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,00000173,?,00000000,?,?,?,6CD572F3,00000000,?,6CD2D745,00000000,?,00000000), ref: 6CD5D9A2
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5D99C
                                                                                        • ..\Objects\longobject.c, xrefs: 6CD5D997
                                                                                        • long int too large to convert to int, xrefs: 6CD5D974
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\longobject.c$long int too large to convert to int
                                                                                        • API String ID: 4212644371-3173017773
                                                                                        • Opcode ID: 27ae57d70875c5aff8f6e1373f8a56ba504c6c1318176fab555d8e315b3e0f33
                                                                                        • Instruction ID: 80977d8cd7e82fe658dae9852d18f088caef5f4eb67dae433798593cec30432b
                                                                                        • Opcode Fuzzy Hash: 27ae57d70875c5aff8f6e1373f8a56ba504c6c1318176fab555d8e315b3e0f33
                                                                                        • Instruction Fuzzy Hash: 11117FB670510506CF148AAEA980AA5F364D7C5379F64476EFE3CC76E0EB2284A585E0
                                                                                        APIs
                                                                                        • _PyObject_GC_NewVar.PYTHON27(?,00000271), ref: 6CCB1954
                                                                                          • Part of subcall function 6CCDBAA0: _PyObject_GC_Malloc.PYTHON27(?), ref: 6CCDBABC
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCB1986
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • PyLong_FromUnsignedLong.PYTHON27(00000000), ref: 6CCB19C3
                                                                                        • PyLong_FromLong.PYTHON27(?), ref: 6CCB19EA
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCB1981
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$FromLongLong_Object___iob_func$ErrorFatalMallocUnsignedabortfflushfprintf
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 3445569843-3349536495
                                                                                        • Opcode ID: be85b78ccfcd3c1c86c7f6453c1065dcbf4fc71a01458c6c17900557b01eeab6
                                                                                        • Instruction ID: efbcccc5e3d824a7d09732bf7eb024e7d80e32e8f30eb70f7aed3a77f1c61e7b
                                                                                        • Opcode Fuzzy Hash: be85b78ccfcd3c1c86c7f6453c1065dcbf4fc71a01458c6c17900557b01eeab6
                                                                                        • Instruction Fuzzy Hash: B521F476B002019BDB00CF9CDC84956B3E4EB85228B248279D8AD97791F731E895CBA1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,0000038B), ref: 6CD451CF
                                                                                        • PyObject_Hash.PYTHON27(?), ref: 6CD451F6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FormatHashObject_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c$hl
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,6CDEAF8E,00000001,00000002,?,?), ref: 6CCA7432
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                        • PyType_IsSubtype.PYTHON27(6CEDE208,?), ref: 6CCA7453
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,dialect name must be a string or unicode), ref: 6CCA746B
                                                                                        • PyDict_SetItem.PYTHON27(00000000,?,00000000), ref: 6CCA749B
                                                                                        Strings
                                                                                        • dialect name must be a string or unicode, xrefs: 6CCA7465
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$Arg_Dict_FromItemObjectString_SubtypeTupleType_Unpack
                                                                                        • String ID: dialect name must be a string or unicode
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(pop from an empty deque), ref: 6CCA35AF
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,pop from an empty deque), ref: 6CCA35B8
                                                                                        • free.MSVCR90 ref: 6CCA3632
                                                                                        Strings
                                                                                        • pop from an empty deque, xrefs: 6CCA35AA
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA35A4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_free
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$pop from an empty deque
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|zO:charmap_encode,?,?,?), ref: 6CCA3109
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA312F
                                                                                        • PyUnicodeUCS2_EncodeCharmap.PYTHON27(?,?,6CEDFB7C,00000000), ref: 6CCA3150
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_CharmapEncodeFromObjectParseSizeTuple_
                                                                                        • String ID: O|zO:charmap_encode
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(pop from an empty deque), ref: 6CCA34DF
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,pop from an empty deque), ref: 6CCA34E8
                                                                                        • free.MSVCR90 ref: 6CCA3562
                                                                                        Strings
                                                                                        • pop from an empty deque, xrefs: 6CCA34DA
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA34D4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_free
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$pop from an empty deque
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|zi:utf_32_encode,?,?,?), ref: 6CCA2C29
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2C3F
                                                                                        • PyUnicodeUCS2_EncodeUTF32.PYTHON27(?,?,00000000,00000000), ref: 6CCA2C60
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_EncodeFromObjectParseSizeTuple_
                                                                                        • String ID: O|zi:utf_32_encode
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|zi:utf_16_encode,?,?,?), ref: 6CCA2A09
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2A1F
                                                                                        • PyUnicodeUCS2_EncodeUTF16.PYTHON27(?,?,00000000,00000000), ref: 6CCA2A40
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_EncodeFromObjectParseSizeTuple_
                                                                                        • String ID: O|zi:utf_16_encode
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000000E4,?,?,?,?,?,6CD59766,?), ref: 6CD596A0
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,cannot add more objects to list,?,?,?,?,?,6CD59766,?), ref: 6CD596C5
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5969A
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD59695
                                                                                        • cannot add more objects to list, xrefs: 6CD596BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c$cannot add more objects to list
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:utf_7_encode,?,?), ref: 6CCA289E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA28B4
                                                                                        • PyUnicode_EncodeUTF7.PYTHON27(?,?,00000000,00000000,00000000), ref: 6CCA28D5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Arg_EncodeFromObjectParseSizeTuple_UnicodeUnicode_
                                                                                        • String ID: O|z:utf_7_encode
                                                                                        • API String ID: 3513413484-4211547508
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:utf_32_le_encode,?,?), ref: 6CCA2CDE
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2CF4
                                                                                        • PyUnicodeUCS2_EncodeUTF32.PYTHON27(?,?,00000000,000000FF), ref: 6CCA2D13
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_EncodeFromObjectParseSizeTuple_
                                                                                        • String ID: O|z:utf_32_le_encode
                                                                                        • API String ID: 1839821152-4185464437
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:utf_32_be_encode,?,?), ref: 6CCA2D8E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2DA4
                                                                                        • PyUnicodeUCS2_EncodeUTF32.PYTHON27(?,?,00000000,00000001), ref: 6CCA2DC3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_EncodeFromObjectParseSizeTuple_
                                                                                        • String ID: O|z:utf_32_be_encode
                                                                                        • API String ID: 1839821152-834389479
                                                                                        APIs
                                                                                        • PyErr_CheckSignals.PYTHON27(?,6CD65D30,6CD2C365), ref: 6CD65993
                                                                                        • PyOS_CheckStack.PYTHON27(?,6CD65D30,6CD2C365), ref: 6CD6599C
                                                                                        Strings
                                                                                        • __repr__ returned non-string (type %.200s), xrefs: 6CD65A88
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Check$Err_SignalsStack
                                                                                        • String ID: __repr__ returned non-string (type %.200s)
                                                                                        • API String ID: 359474703-4223728409
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000007C,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44588
                                                                                        • memset.MSVCR90 ref: 6CD445AA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: FromMallocObject_StringString_memset
                                                                                        • String ID: (}l$<dummy key>
                                                                                        • API String ID: 1835424476-3881160533
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:mbcs_encode,?,?), ref: 6CCA320E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA3224
                                                                                        • PyUnicode_EncodeMBCS.PYTHON27(?,?,00000000), ref: 6CCA3241
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Arg_EncodeFromObjectParseSizeTuple_UnicodeUnicode_
                                                                                        • String ID: O|z:mbcs_encode
                                                                                        • API String ID: 3513413484-52123863
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:raw_unicode_escape_encode,?,?), ref: 6CCA2EEE
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2F04
                                                                                        • PyUnicodeUCS2_EncodeRawUnicodeEscape.PYTHON27(?,?), ref: 6CCA2F1D
                                                                                        Strings
                                                                                        • O|z:raw_unicode_escape_encode, xrefs: 6CCA2EE1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Unicode$Arg_EncodeEscapeFromObjectParseSizeTuple_
                                                                                        • String ID: O|z:raw_unicode_escape_encode
                                                                                        • API String ID: 3152522952-1418163826
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(?,?,?,?,?,?,6CD881B6,?,-000000FF,?,?,?,?,6CCA2548), ref: 6CDB51DA
                                                                                        • PyDict_GetItem.PYTHON27(00000000,00000000,?,?,?,6CCA2548), ref: 6CDB51EA
                                                                                        • PyErr_Format.PYTHON27(6CEE5A68,unknown error handler name '%.400s',?,?,?,?,6CCA2548), ref: 6CDB5217
                                                                                          • Part of subcall function 6CDB5BD0: Py_FatalError.PYTHON27(GC object already tracked,?,?,?,6CCA2548), ref: 6CDB5C28
                                                                                          • Part of subcall function 6CDB5BD0: PyDict_New.PYTHON27(?,?,?,6CCA2548), ref: 6CDB5C57
                                                                                          • Part of subcall function 6CDB5BD0: PyDict_New.PYTHON27(?,?,?,6CCA2548), ref: 6CDB5C5F
                                                                                          • Part of subcall function 6CDB5BD0: PyCFunction_NewEx.PYTHON27(6CEC6BFC,00000000,00000000,?,?,?,6CCA2548), ref: 6CDB5C78
                                                                                          • Part of subcall function 6CDB5BD0: Py_FatalError.PYTHON27(can't initialize codec error registry,?,?,?,?,?,?,6CCA2548), ref: 6CDB5C8B
                                                                                          • Part of subcall function 6CDB5BD0: PyCodec_RegisterError.PYTHON27(strict,00000000,?,?,?,?,?,?,6CCA2548), ref: 6CDB5C9B
                                                                                          • Part of subcall function 6CDB5BD0: Py_FatalError.PYTHON27(can't initialize codec error registry,?,?,?,?,?,?,?,?,6CCA2548), ref: 6CDB5CBF
                                                                                          • Part of subcall function 6CDB5BD0: Py_FatalError.PYTHON27(can't initialize codec registry,?,?,?,6CCA2548), ref: 6CDB5CEA
                                                                                          • Part of subcall function 6CDB5BD0: _PyImport_AcquireLock.PYTHON27(?,?,?,?,6CCA2548), ref: 6CDB5CF2
                                                                                          • Part of subcall function 6CDB5BD0: _PyImport_ReleaseLock.PYTHON27(?,?,?,?,?,?,?,6CCA2548), ref: 6CDB5D0C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Error$Fatal$Dict_$Import_Lock$AcquireCodec_Err_FormatFromFunction_ItemRegisterReleaseStringString_
                                                                                        • String ID: strict$unknown error handler name '%.400s'
                                                                                        • API String ID: 1875080234-1473117067
                                                                                        • Opcode ID: d39720061e1d490a659ec69c06388a4b7e5840a2d0f576ca701c832a7aa7b838
                                                                                        • Instruction ID: 86176e347256715dc72f0ca7ab1b3bc70206e369787b4c32d1b59b91fb5fe65f
                                                                                        • Opcode Fuzzy Hash: d39720061e1d490a659ec69c06388a4b7e5840a2d0f576ca701c832a7aa7b838
                                                                                        • Instruction Fuzzy Hash: 801140B370160487C6109B99EC80957B3A8EB451B9F250375ED1DD7B50FB31EC0583E1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?,?,00000000,?,?,6CD3FD81,?,?,?,?), ref: 6CD6C006
                                                                                        • PyType_IsSubtype.PYTHON27(?,?,?,?), ref: 6CD6C018
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,00000934,?,?,?,?), ref: 6CD6C039
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6C033
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6C02E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: SubtypeType_$Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 1453002970-1012936799
                                                                                        • Opcode ID: 8a4a9d9ed6085fb115ee4bd1d2176ff63d8a6fb731ff7f43dee6937e81abf46c
                                                                                        • Instruction ID: ecc9a1257b7861c3a2c85c932cd05e745231726c0b0759e1b1de1b6d4edf613e
                                                                                        • Opcode Fuzzy Hash: 8a4a9d9ed6085fb115ee4bd1d2176ff63d8a6fb731ff7f43dee6937e81abf46c
                                                                                        • Instruction Fuzzy Hash: 7711E7766005049B8B00DB5EEC8189BB3A8DB85279F148265FC1CD7B61E635FC15C6E1
                                                                                        APIs
                                                                                        • PyDict_GetItem.PYTHON27(?,00000000,?,00000000,?,?,?,6CD39C75,00000000,?,?), ref: 6CD39FB5
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,00000072), ref: 6CD39FEF
                                                                                        • PyTuple_GetItem.PYTHON27(?,00000000,?,?), ref: 6CD3A01D
                                                                                        Strings
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD39FE4
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD39FE9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Item$Dict_Err_FormatTuple_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c
                                                                                        • API String ID: 1227451338-1285866127
                                                                                        • Opcode ID: 295c07698dba86bc3bf22dff49fd86b8e788e50a7358e157247710f135e62370
                                                                                        • Instruction ID: 3490b8d1d131c48c71813d90e5d7be797393d429e75526f27bbc3372efdd3cc2
                                                                                        • Opcode Fuzzy Hash: 295c07698dba86bc3bf22dff49fd86b8e788e50a7358e157247710f135e62370
                                                                                        • Instruction Fuzzy Hash: 3D11907A704214AFD710CF96EC4099BB3A8EB86268F00C619FD6C87B50D735E8158BE1
                                                                                        APIs
                                                                                        • PyObject_CallFunction.PYTHON27(?,6CDEAF04,?,00000000), ref: 6CCA463D
                                                                                          • Part of subcall function 6CD2F1F0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F217
                                                                                        • PyObject_CallFunction.PYTHON27(?,6CDEAF08,?,?,00000000), ref: 6CCA4652
                                                                                        • PyType_IsSubtype.PYTHON27(?,6CF0FF60), ref: 6CCA4671
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s() must return a deque, not %.200s,?,?), ref: 6CCA4694
                                                                                        Strings
                                                                                        • %.200s() must return a deque, not %.200s, xrefs: 6CCA468E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallErr_FunctionObject_$FormatStringSubtypeType_
                                                                                        • String ID: %.200s() must return a deque, not %.200s
                                                                                        • API String ID: 3684490585-3321660540
                                                                                        • Opcode ID: d4c64ca8474b5e5184108b33477d587b1965eba8a60b90ad6f2fd61a1dd8e6ba
                                                                                        • Instruction ID: 9b10b7d2b884851e5ac0caebc3ac6f7835d9df6bcc7d8cd6198f4332cc84ebdf
                                                                                        • Opcode Fuzzy Hash: d4c64ca8474b5e5184108b33477d587b1965eba8a60b90ad6f2fd61a1dd8e6ba
                                                                                        • Instruction Fuzzy Hash: 3E11A0B66045126BD600D7A9EC84C56B3B8EB957397244719F92C87B61EA21EC02C7A0
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(a partial object's dictionary may not be deleted), ref: 6CCA7DFA
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,a partial object's dictionary may not be deleted), ref: 6CCA7E03
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,setting partial object's dictionary to a non-dict), ref: 6CCA7E40
                                                                                        Strings
                                                                                        • setting partial object's dictionary to a non-dict, xrefs: 6CCA7E3A
                                                                                        • a partial object's dictionary may not be deleted, xrefs: 6CCA7DF5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: a partial object's dictionary may not be deleted$setting partial object's dictionary to a non-dict
                                                                                        • API String ID: 354487993-3418915442
                                                                                        • Opcode ID: 4c8ba842f191fd6e1f4129c9f33809296e08cce928871e256fad6650031549ab
                                                                                        • Instruction ID: c7e1fc8fdf7e0baa1ca482de8c2b661504842f95eefc28856e2471d8856ca95a
                                                                                        • Opcode Fuzzy Hash: 4c8ba842f191fd6e1f4129c9f33809296e08cce928871e256fad6650031549ab
                                                                                        • Instruction Fuzzy Hash: DC11C136A016025FD614CBA9B84489637A4AB86338B140399EC288B7E0F735EC5697D1
                                                                                        Strings
                                                                                        • int() argument must be a string or a number, not '%.200s', xrefs: 6CD2DAA6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: int() argument must be a string or a number, not '%.200s'
                                                                                        • API String ID: 0-4148199198
                                                                                        • Opcode ID: 68b3551d61e17b364a959b7d643d40eb44c37ce806da4f0cbdb035fd19f4e869
                                                                                        • Instruction ID: 73a2a8ca3fb6476c71be382c7d0b023c0212b37960017e4556abaebc432df8b8
                                                                                        • Opcode Fuzzy Hash: 68b3551d61e17b364a959b7d643d40eb44c37ce806da4f0cbdb035fd19f4e869
                                                                                        • Instruction Fuzzy Hash: ED01D636A05544ABD700DB558940FEF33B99F80A5CF24015CED0657B60EB39E90AD6E1
                                                                                        APIs
                                                                                        • PyDict_New.PYTHON27 ref: 6CD4670B
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • PyDict_Merge.PYTHON27(00000000,?,00000001), ref: 6CD4671A
                                                                                          • Part of subcall function 6CD46460: PyDict_GetItem.PYTHON27(00000000,?,?,?,?,?,?,6CD46452,?,?,00000001), ref: 6CD4650F
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006CD), ref: 6CD4675C
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD46756
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CD46751
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_$Err_FormatFromItemMergeStringString_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 3192880165-1541589624
                                                                                        • Opcode ID: 3010ca27f64dc2df8b0e329c1daae9ee92696a95de497467e471f48220504d42
                                                                                        • Instruction ID: 061b7e1d927e3e3ae90d62b2b235fff4c1862713926c875fa623d59e181c1c0a
                                                                                        • Opcode Fuzzy Hash: 3010ca27f64dc2df8b0e329c1daae9ee92696a95de497467e471f48220504d42
                                                                                        • Instruction Fuzzy Hash: 62012B3670561057C610BBA96C01E9E73ACCB81638F14836AFE2DD7F90EA11D813C2D1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                        • String ID: undef symbol$undefined symbol %s -> exit(-1)
                                                                                        • API String ID: 310444273-3880521481
                                                                                        • Opcode ID: f28070308f0c5a66d053ef89d1ff9b282d5ce64fd2970f6b05dc0e2cfe902d45
                                                                                        • Instruction ID: ce5dc5e057ab4e2a43885ee57fcd922f747e18a9ab2ef1d2ec3eba6c30d75da0
                                                                                        • Opcode Fuzzy Hash: f28070308f0c5a66d053ef89d1ff9b282d5ce64fd2970f6b05dc0e2cfe902d45
                                                                                        • Instruction Fuzzy Hash: 2B01D872900201ABE7106B68FD44A9773E8DFC0355F14443FF844E62E0E63CD8D18A69
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,object), ref: 6CD4A6FD
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,object), ref: 6CD4A726
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$object
                                                                                        • API String ID: 376477240-465120111
                                                                                        • Opcode ID: ddfbec5015157af3cf79f7aa501aec5aa343819f50c98a654e1d4213242270ba
                                                                                        • Instruction ID: 7c6c4137b762ea7a667590ad50e235172a7cd5ebb2cd22939fc687796ee6bb9c
                                                                                        • Opcode Fuzzy Hash: ddfbec5015157af3cf79f7aa501aec5aa343819f50c98a654e1d4213242270ba
                                                                                        • Instruction Fuzzy Hash: CA0192756546059FC700DFA8D840A4573B8AF15338B2487A5E92C8F791D736E882CBD0
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000000C,00000000,00000000,?,6CDC7421,00000014,?,6CDCDEB4), ref: 6CD6508E
                                                                                        • PyString_FromString.PYTHON27(?,00000014,?,6CDCDEB4), ref: 6CD650B1
                                                                                        • PyDict_New.PYTHON27(?,00000014,?,6CDCDEB4), ref: 6CD650BB
                                                                                          • Part of subcall function 6CD44510: PyString_FromString.PYTHON27(<dummy key>,00000000,00000000,00000000,?,?,6CD650C0,?,00000014,?,6CDCDEB4), ref: 6CD44529
                                                                                        • PyDict_SetItemString.PYTHON27(00000000,__name__,00000000,?,00000014,?,6CDCDEB4), ref: 6CD650D2
                                                                                          • Part of subcall function 6CD47460: PyString_FromString.PYTHON27(00000000,?,?,6CD650D7,00000000,__name__,00000000,?,00000014,?,6CDCDEB4), ref: 6CD47468
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$FromString_$Dict_$ItemMallocObject_
                                                                                        • String ID: __name__
                                                                                        • API String ID: 2659566555-3954359393
                                                                                        • Opcode ID: 0ac676a74edb59aca258ab0d848fefc88fdb864c00c6fdbd4dd083011b8c8709
                                                                                        • Instruction ID: 964da0f26715084111948da4b1d2a002f4a1362ed36d4a1a6af17fb80f7f448e
                                                                                        • Opcode Fuzzy Hash: 0ac676a74edb59aca258ab0d848fefc88fdb864c00c6fdbd4dd083011b8c8709
                                                                                        • Instruction Fuzzy Hash: 8A01D8B2901A0197C7108B66AC0599777B4AF41374F244725ED3C8BFA1F738E991C7D1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,object), ref: 6CD4A85D
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,object), ref: 6CD4A886
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$object
                                                                                        • API String ID: 376477240-465120111
                                                                                        • Opcode ID: c6e02bd114d2f75836f6debb51895353e4af33cd01e38a0a008b6a94b87c7154
                                                                                        • Instruction ID: 5ff459ad55ae614b700705836191c5623c3ec640c56a4fe13a14c4e31de21479
                                                                                        • Opcode Fuzzy Hash: c6e02bd114d2f75836f6debb51895353e4af33cd01e38a0a008b6a94b87c7154
                                                                                        • Instruction Fuzzy Hash: 90019271A402059FD700CFA8D840945B7B8EF05328B248795F92C8F7A1D736E893CBD0
                                                                                        APIs
                                                                                        • PyNumber_Index.PYTHON27(?), ref: 6CD2DE7B
                                                                                          • Part of subcall function 6CD2D650: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,?,6CD2D72E,?,?,?,?,6CD2B2E8,6CD2EF3A,6CEE5B38), ref: 6CD2D673
                                                                                        • _PyLong_Format.PYTHON27(00000000,?,00000000,00000001), ref: 6CD2DEA3
                                                                                        Strings
                                                                                        • PyNumber_ToBase: index not int or long, xrefs: 6CD2DECF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FormatIndexLong_Number_String
                                                                                        • String ID: PyNumber_ToBase: index not int or long
                                                                                        • API String ID: 2826168078-4256377746
                                                                                        • Opcode ID: 0e77e5eca6062abb48efae8000c908dace65d90d3c68f3782c25cee48c7b536a
                                                                                        • Instruction ID: 62e87281cdb10a3959dec9ea9c5870b52b44b47cd0361fee7a1c3bddf4dbbcf8
                                                                                        • Opcode Fuzzy Hash: 0e77e5eca6062abb48efae8000c908dace65d90d3c68f3782c25cee48c7b536a
                                                                                        • Instruction Fuzzy Hash: EF01D6B6640600A7D711DF559C40FDB33A99F94728F104624FB688B7A0D739E946C7E1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(profiler already active), ref: 6CCAA05C
                                                                                        • PyErr_SetObject.PYTHON27(?,00000000,profiler already active), ref: 6CCAA065
                                                                                        • PyErr_SetString.PYTHON27(?,profiler already closed), ref: 6CCAA09F
                                                                                        Strings
                                                                                        • profiler already active, xrefs: 6CCAA057
                                                                                        • profiler already closed, xrefs: 6CCAA099
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: profiler already active$profiler already closed
                                                                                        • API String ID: 354487993-669324291
                                                                                        • Opcode ID: 0f012447cc831a3e6836674ffae85cad16fa43ce49bc5a88c0eba877d9c75024
                                                                                        • Instruction ID: 810e788f7ca9a13f45d7b7c7b80aed6f76c25a4f732c6ef79183cb46f1980048
                                                                                        • Opcode Fuzzy Hash: 0f012447cc831a3e6836674ffae85cad16fa43ce49bc5a88c0eba877d9c75024
                                                                                        • Instruction Fuzzy Hash: 02F07D37A125145FD2149699AC0DBE633D8CBC9338F1403B6DC1843BD0FA76A81B87E5
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,PyCObject_GetDesc with non-C-object), ref: 6CD3ED6C
                                                                                        • PyString_FromString.PYTHON27(PyCObject_GetDesc called with null pointer), ref: 6CD3ED8B
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,PyCObject_GetDesc called with null pointer), ref: 6CD3ED94
                                                                                        Strings
                                                                                        • PyCObject_GetDesc called with null pointer, xrefs: 6CD3ED86
                                                                                        • PyCObject_GetDesc with non-C-object, xrefs: 6CD3ED66
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: PyCObject_GetDesc called with null pointer$PyCObject_GetDesc with non-C-object
                                                                                        • API String ID: 354487993-3115127300
                                                                                        • Opcode ID: af8c4a22fe4f1399c444f9671b69b4b0f8df43f003a1ae8d10b868334a61be72
                                                                                        • Instruction ID: fe391965b1536adad1ee4c9f45c0fa94ab6d2451c3d25c1f09ead6635253d6b6
                                                                                        • Opcode Fuzzy Hash: af8c4a22fe4f1399c444f9671b69b4b0f8df43f003a1ae8d10b868334a61be72
                                                                                        • Instruction Fuzzy Hash: 5201F232A100219BC611CBA8BC049D633B8DB46278B140354EC2C87BD0E735EC51C3E1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000002FB,00000000,?,?,6CDC73E7,00000000,00000000,?,?,6CDCDEB4), ref: 6CD44F4D
                                                                                        • PyObject_Hash.PYTHON27(?,00000000,?,?,6CDC73E7,00000000,00000000,?,?,6CDCDEB4), ref: 6CD44F72
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FormatHashObject_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c$hl
                                                                                        • API String ID: 896634218-3408111369
                                                                                        • Opcode ID: ed5b6d51f34be5a568b90ff122eb3ca2a6ee49187cba0ae548d79dca2be677fe
                                                                                        • Instruction ID: 124247d3e43e0f56b580253ea281b78152f708d0c5cdb8f94ca4edf83cc814cb
                                                                                        • Opcode Fuzzy Hash: ed5b6d51f34be5a568b90ff122eb3ca2a6ee49187cba0ae548d79dca2be677fe
                                                                                        • Instruction Fuzzy Hash: D50126316055009BC710AF699C41DAAB3B8DB45238F14C729FD3C87EA1DB30F89286D1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BEEC
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BF06
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,00000919), ref: 6CD6BF2C
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6BF26
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6BF21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: SubtypeType_$Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 1453002970-1012936799
                                                                                        • Opcode ID: 5cebeff3810ae08e57eca0cf63de70d4bf468902269a50c5afd6b212a435fddd
                                                                                        • Instruction ID: 69e9f3928b31bed9814b00c561c7905ad7de6492db45325d70abd402bbdd84b1
                                                                                        • Opcode Fuzzy Hash: 5cebeff3810ae08e57eca0cf63de70d4bf468902269a50c5afd6b212a435fddd
                                                                                        • Instruction Fuzzy Hash: B6F0283AA01100678A00975AAC028A973B88B4117DF254652FC38A7FF1EB26B911DAF6
                                                                                        APIs
                                                                                        • strncpy.MSVCR90 ref: 004016BA
                                                                                        • GetFullPathNameA.KERNEL32(00406580,00000104,00406580,004019BA,6CFAF18A,?,004019BA), ref: 004016E7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FullNamePathstrncpy
                                                                                        • String ID: ^@$ ^@$C:\Users\user\AppData\Local\Temp\common.bin
                                                                                        • API String ID: 567410384-546002614
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(logreader's file object already closed), ref: 6CCA8FDD
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5D10,00000000,logreader's file object already closed), ref: 6CCA8FE6
                                                                                        • _fileno.MSVCR90 ref: 6CCA900C
                                                                                        • PyInt_FromLong.PYTHON27(00000000), ref: 6CCA9013
                                                                                        Strings
                                                                                        • logreader's file object already closed, xrefs: 6CCA8FD8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Err_Int_LongObjectStringString__fileno
                                                                                        • String ID: logreader's file object already closed
                                                                                        • API String ID: 2431734947-2904759066
                                                                                        APIs
                                                                                        • PyOS_CheckStack.PYTHON27(?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7CA
                                                                                        • PyErr_SetString.PYTHON27(6CEE67A8,Stack overflow,?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE7E1
                                                                                        • PyErr_Format.PYTHON27(6CEE5248,maximum recursion depth exceeded%s,00000000,?,?,6CD2F0AA, while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CDAE810
                                                                                        Strings
                                                                                        • Stack overflow, xrefs: 6CDAE7DB
                                                                                        • maximum recursion depth exceeded%s, xrefs: 6CDAE80A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$CheckFormatStackString
                                                                                        • String ID: Stack overflow$maximum recursion depth exceeded%s
                                                                                        • API String ID: 3709953551-2207580994
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,encoding), ref: 6CD4A5CE
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,encoding), ref: 6CD4A5F6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$encoding
                                                                                        • API String ID: 376477240-2505966323
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,encoding), ref: 6CD4A56E
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,encoding), ref: 6CD4A596
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$encoding
                                                                                        • API String ID: 376477240-2505966323
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,object), ref: 6CD4A63E
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,object), ref: 6CD4A666
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$object
                                                                                        • API String ID: 376477240-465120111
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,reason), ref: 6CD4A9CE
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,reason), ref: 6CD4A9F6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$reason
                                                                                        • API String ID: 376477240-2292975759
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,reason), ref: 6CD4A96E
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be str,reason), ref: 6CD4A996
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be str$%.200s attribute not set$reason
                                                                                        • API String ID: 376477240-2292975759
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute not set,object,6CD4A69F), ref: 6CD4A514
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%.200s attribute must be unicode,object), ref: 6CD4A53C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %.200s attribute must be unicode$%.200s attribute not set$object
                                                                                        • API String ID: 376477240-1433534347
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Memory$freemallocmemset
                                                                                        • String ID:
                                                                                        • API String ID: 1522105653-0
                                                                                        • Opcode ID: 16692ade67a34fb3da3a412255ff4bf97a53fc6c351d48e6218efe80fac54d2a
                                                                                        • Instruction ID: 92f92197266692f9a9e329083cd030baea0e505d7615489b676fb96bd19c3bf2
                                                                                        • Opcode Fuzzy Hash: 16692ade67a34fb3da3a412255ff4bf97a53fc6c351d48e6218efe80fac54d2a
                                                                                        • Instruction Fuzzy Hash: AD41B471A006058BDB10CFA5D8C069AB3F9EF44328F24C66ADA19C7B60E774E9C5CB91
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: freemalloc
                                                                                        • String ID: ,R@$no mem for late sys.path$path
                                                                                        • API String ID: 3061335427-4293072127
                                                                                        • Opcode ID: c4401dd601d074f02072bd3f5982eeff70958d79786ea3440c8d628079098a5a
                                                                                        • Instruction ID: e471e226a36cf7089748808a910ea1bc09ef1ea7ee1f164221155ef36efc28ae
                                                                                        • Opcode Fuzzy Hash: c4401dd601d074f02072bd3f5982eeff70958d79786ea3440c8d628079098a5a
                                                                                        • Instruction Fuzzy Hash: 013149326005061BC70656386C285B77BD5DF95344318817AFC8BEB3A1EE36DD0A87C8
                                                                                        APIs
                                                                                        • malloc.MSVCR90 ref: 6CDD0607
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6CDD065C
                                                                                        • _PyThreadState_Init.PYTHON27(00000000), ref: 6CDD0692
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 6CDD06C9
                                                                                        • SetEvent.KERNEL32(?), ref: 6CDD06D7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$CurrentDecrementEventInitInterlockedState_malloc
                                                                                        • String ID:
                                                                                        • API String ID: 743730388-0
                                                                                        • Opcode ID: ef11bc3b5366fbbca5448b17e7e903e4ec205cdf60ca99255a570d03aa08302f
                                                                                        • Instruction ID: b633f0779d2669e0a4a2a734551aa8283f3bf0cae3afd29ee24f14d297c9edd9
                                                                                        • Opcode Fuzzy Hash: ef11bc3b5366fbbca5448b17e7e903e4ec205cdf60ca99255a570d03aa08302f
                                                                                        • Instruction Fuzzy Hash: A131F1B1E11B41DFD7609F6A8584546FBF4BB892647A18A2EE6AE83B10C335B444CF90
                                                                                        APIs
                                                                                        • PyObject_Call.PYTHON27(?,00000000,00000000), ref: 6CCB00D5
                                                                                          • Part of subcall function 6CD2F070: _Py_CheckRecursiveCall.PYTHON27( while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F0A5
                                                                                          • Part of subcall function 6CD2F070: PyErr_SetString.PYTHON27(6CEE65C8,NULL result without error in PyObject_Call,?,00000000,00000000), ref: 6CD2F0E4
                                                                                        • PyErr_WriteUnraisable.PYTHON27(?), ref: 6CCB00E7
                                                                                          • Part of subcall function 6CDC0B50: PySys_GetObject.PYTHON27(stderr,00000000,?,?,?,?,6CD98367,?), ref: 6CDC0B80
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27(Exception ,00000000,?,?,?,6CD98367,?), ref: 6CDC0B98
                                                                                          • Part of subcall function 6CDC0B50: strrchr.MSVCR90 ref: 6CDC0BC3
                                                                                          • Part of subcall function 6CDC0B50: PyObject_GetAttrString.PYTHON27(?,__module__,?,?,?,?,?,6CD98367,?), ref: 6CDC0BD9
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27(<unknown>,00000000,?,?,?,?,?,?,?,6CD98367,?), ref: 6CDC0BF0
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27(00000000,00000000,?,?,?,?,?,?,?,?,6CD98367,?), ref: 6CDC0C5E
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27(6CE9B634,00000000,?,?,?,?,?,?,?,?,?,?,6CD98367,?), ref: 6CDC0C7B
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteObject.PYTHON27(6CD98367,00000000,00000000,6CE9B634,00000000,?,?,?,?,?,?,?,?,?,?,6CD98367), ref: 6CDC0C84
                                                                                          • Part of subcall function 6CDC0B50: PyErr_Clear.PYTHON27(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CD98367), ref: 6CDC0C90
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27(<exception repr() failed>,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CDC0C9B
                                                                                          • Part of subcall function 6CDC0B50: PyFile_WriteString.PYTHON27( in ,00000000,?,?,?,?,?,6CD98367,?), ref: 6CDC0CC1
                                                                                        • PyLong_AsLongLong.PYTHON27(00000000), ref: 6CCB0105
                                                                                        • PyErr_WriteUnraisable.PYTHON27(?), ref: 6CCB014A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Write$String$File_$Err_$CallLongObjectObject_Unraisable$AttrCheckClearLong_RecursiveSys_strrchr
                                                                                        • String ID:
                                                                                        • API String ID: 3056655519-0
                                                                                        • Opcode ID: b66f01373fdc7f209e3a012efe52640bdf8d73a967fde5177f1adf63ef754037
                                                                                        • Instruction ID: c32162bed04e4ff694dfcb89d1966fa94f02ccb433053103e6c02493687c33ac
                                                                                        • Opcode Fuzzy Hash: b66f01373fdc7f209e3a012efe52640bdf8d73a967fde5177f1adf63ef754037
                                                                                        • Instruction Fuzzy Hash: 711108B6B001005BE304DBA9ED40AD6736AFBC527CF054236D50D83B50E735E85A87E1
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00000000,?,?,00402665,?,?,00000000), ref: 00401FB2
                                                                                        • memset.MSVCR90 ref: 00401FBB
                                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,?,00000000,?,?,00402665,?,?,00000000), ref: 00401FD0
                                                                                        • memcpy.MSVCR90(00000000,e&@,00000000,?,00402665,?,?,00000000), ref: 00401FE0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2250277504.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2250264508.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250290803.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250304842.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                                                                                        • Associated: 00000002.00000002.2250318637.0000000000407000.00000002.00000001.01000000.00000005.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_400000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual$memcpymemset
                                                                                        • String ID: e&@
                                                                                        • API String ID: 2542864682-73339501
                                                                                        • Opcode ID: b1dbb98a8a60990327667ccfc5cfeecd8a2b1543ff788c04fafa38dddfff8afb
                                                                                        • Instruction ID: cabd134ca6f8edb0e33f6498aa80dca311541fbb15500bccbc1fa9ad8072609d
                                                                                        • Opcode Fuzzy Hash: b1dbb98a8a60990327667ccfc5cfeecd8a2b1543ff788c04fafa38dddfff8afb
                                                                                        • Instruction Fuzzy Hash: C61108B16043019FD314DF59CD80F2AB3E5EF88754F15482EF685AB391D674E841CB65
                                                                                        APIs
                                                                                        • fwrite.MSVCR90 ref: 6CCA971E
                                                                                        • fflush.MSVCR90 ref: 6CCA9742
                                                                                        • memmove.MSVCR90(?,00000014,?), ref: 6CCA9761
                                                                                        • PyString_AsString.PYTHON27(?), ref: 6CCA9775
                                                                                        • PyErr_SetFromErrnoWithFilename.PYTHON27(6CEE4EC0,00000000), ref: 6CCA9785
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_ErrnoFilenameFromStringString_Withfflushfwritememmove
                                                                                        • String ID:
                                                                                        • API String ID: 2743657609-0
                                                                                        • Opcode ID: ecdde40d15bc22aee2bccf28c76cb63a41409239ae69045727146ded78e44c92
                                                                                        • Instruction ID: 50c21bf7fb758641914a118f504c29d2faf2125845ccfa1bf3a274a8a32e5870
                                                                                        • Opcode Fuzzy Hash: ecdde40d15bc22aee2bccf28c76cb63a41409239ae69045727146ded78e44c92
                                                                                        • Instruction Fuzzy Hash: 4811A3B6A002115BDB149FA9ECC99A7377CEB85328F040765ED18DB345F722D82587F2
                                                                                        APIs
                                                                                        • malloc.MSVCR90 ref: 6CD5F60D
                                                                                        • PyUnicodeUCS2_EncodeDecimal.PYTHON27(?,?,00000000,00000000), ref: 6CD5F624
                                                                                        • free.MSVCR90 ref: 6CD5F631
                                                                                        • PyLong_FromString.PYTHON27(00000000,00000000,?), ref: 6CD5F648
                                                                                        • free.MSVCR90 ref: 6CD5F653
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$DecimalEncodeFromLong_StringUnicodemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 3848787443-0
                                                                                        • Opcode ID: 27c1336cb81b74768129f8fcdb4cc13e589fc58a9d2ab9471962a8f72c59c575
                                                                                        • Instruction ID: 9fa8f589b9cbe0f35f487547b4997bf033f8dca731b74c9664bc5415d5ca2b9c
                                                                                        • Opcode Fuzzy Hash: 27c1336cb81b74768129f8fcdb4cc13e589fc58a9d2ab9471962a8f72c59c575
                                                                                        • Instruction Fuzzy Hash: 66F0D17AA0111267EE005765AC09F8B3BACDF8227DF140132FA18CB6D0E671E52582A5
                                                                                        APIs
                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000000,000000FF), ref: 6CDE79BF
                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 6CDE79D3
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,6CDAE5C7,00000000,?,?,?,?,6CD00EC8,6CD00560,?), ref: 6CDE79E3
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6CDE79EB
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6CDE79FB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentInterlockedThread$CompareExchangeIncrementObjectSingleWait
                                                                                        • String ID:
                                                                                        • API String ID: 1009837465-0
                                                                                        • Opcode ID: 41da85660263ebe2337e13121f1b2065e5198294e8f8989b3719064d69dbaa36
                                                                                        • Instruction ID: 66c691cd64c7ca8cee065f59f1d7b921a8e18e8e31407d4cdf5d69015a405371
                                                                                        • Opcode Fuzzy Hash: 41da85660263ebe2337e13121f1b2065e5198294e8f8989b3719064d69dbaa36
                                                                                        • Instruction Fuzzy Hash: 4FF05431341512E7DB405BBD9C08765BBBCAB0A776B508322F73CD2AD0C73494508790
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,can't convert negative long to unsigned), ref: 6CD5DDB8
                                                                                        • PyErr_SetString.PYTHON27(6CEE63F8,long too big to convert), ref: 6CD5DF06
                                                                                        Strings
                                                                                        • long too big to convert, xrefs: 6CD5DF00
                                                                                        • can't convert negative long to unsigned, xrefs: 6CD5DDB2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: can't convert negative long to unsigned$long too big to convert
                                                                                        • API String ID: 1450464846-3211828677
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(deque index out of range), ref: 6CCA44DB
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5B38,00000000,deque index out of range), ref: 6CCA44E4
                                                                                        Strings
                                                                                        • deque index out of range, xrefs: 6CCA44D6
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA44D0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$deque index out of range
                                                                                        • API String ID: 1840871587-2371945496
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,s*|zi:mbcs_decode,?,?,?), ref: 6CCA25F4
                                                                                        • PyUnicode_DecodeMBCSStateful.PYTHON27(?,?,?,?), ref: 6CCA2625
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_DecodeParseSizeStatefulTuple_Unicode_
                                                                                        • String ID: s*|zi:mbcs_decode
                                                                                        • API String ID: 3965784926-1507612309
                                                                                        APIs
                                                                                        • PyArg_ParseTupleAndKeywords.PYTHON27(?,?,OO&:scan_once,6CF018E4,?,Function_0000ADC0,?), ref: 6CCADD5C
                                                                                          • Part of subcall function 6CCAD510: PyString_FromString.PYTHON27(idx cannot be negative,?,?,?,?,?,6CCAC59D,FFFFFFFD,?,?,?), ref: 6CCAD532
                                                                                          • Part of subcall function 6CCAD510: PyErr_SetObject.PYTHON27(6CEE5D10,00000000,?), ref: 6CCAD53E
                                                                                          • Part of subcall function 6CCAB580: PyInt_FromLong.PYTHON27 ref: 6CCAB59D
                                                                                        Strings
                                                                                        • first argument must be a string, not %.80s, xrefs: 6CCADDD2
                                                                                        • OO&:scan_once, xrefs: 6CCADD4E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Arg_Err_Int_KeywordsLongObjectParseStringString_Tuple
                                                                                        • String ID: OO&:scan_once$first argument must be a string, not %.80s
                                                                                        • API String ID: 2740004086-585280560
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,s*|zO:charmap_decode,?,?,?), ref: 6CCA2514
                                                                                        • PyUnicodeUCS2_DecodeCharmap.PYTHON27(?,?,?,?), ref: 6CCA2543
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_CharmapDecodeParseSizeTuple_Unicode
                                                                                        • String ID: s*|zO:charmap_decode
                                                                                        • API String ID: 2828756669-2412081656
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6CD00DD6
                                                                                        • Py_BuildValue.PYTHON27((iO),00000001,?), ref: 6CD00E27
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(?,00000000,00000000), ref: 6CD00E4B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuildCallCurrentEval_KeywordsObjectThreadValueWith
                                                                                        • String ID: (iO)
                                                                                        • API String ID: 4089372107-915891140
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(<dummy key>,00000000,E8526CEE,?,?,6CD3F060,00000000,?,?,?,6CD3F1E2,?), ref: 6CD69E66
                                                                                        • memset.MSVCR90 ref: 6CD69EB2
                                                                                        • PyObject_GC_Track.PYTHON27 ref: 6CD69EDA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: FromObject_StringString_Trackmemset
                                                                                        • String ID: <dummy key>
                                                                                        • API String ID: 733772200-4195026744
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,s*|z:ascii_decode,?,?), ref: 6CCA244E
                                                                                        • PyUnicodeUCS2_DecodeASCII.PYTHON27(?,?,00000000), ref: 6CCA246D
                                                                                        • _Py_BuildValue_SizeT.PYTHON27(6CDEA948,00000000,?), ref: 6CCA24C1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_BuildDecodeParseTuple_UnicodeValue_
                                                                                        • String ID: s*|z:ascii_decode
                                                                                        • API String ID: 221429529-3412250790
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E731
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,'%.200s' object doesn't support slice deletion,?), ref: 6CD2E7AA
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2E72B
                                                                                        • '%.200s' object doesn't support slice deletion, xrefs: 6CD2E7A4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: '%.200s' object doesn't support slice deletion$null argument to internal routine
                                                                                        • API String ID: 4212644371-114744853
                                                                                        • Opcode ID: c8b24f274207b1c3ee87dd475b4111237326195783cc44f23bbef1096a41d1c0
                                                                                        • Instruction ID: b65d52650b4dcadcf8690826c80ef0fff8261a3e2bd0825e8089f0747327f678
                                                                                        • Opcode Fuzzy Hash: c8b24f274207b1c3ee87dd475b4111237326195783cc44f23bbef1096a41d1c0
                                                                                        • Instruction Fuzzy Hash: 6D11EB767006009BD710DF6AEC80B5673B8DF8033EF144725EA6C87EA0E778E84586E0
                                                                                        APIs
                                                                                        • PyObject_GetAttr.PYTHON27(?,?), ref: 6CD2F6B4
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F73A
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2F734
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttrErr_Object_String
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 3019503910-2212441169
                                                                                        • Opcode ID: 572fe26f73e9a24a8a8125b7d533275edf251865742a4797fd792bc909004cfa
                                                                                        • Instruction ID: 9e1df499d6849d180d28801cfb52100395eecede63a6b8cce6c96e4291f61d47
                                                                                        • Opcode Fuzzy Hash: 572fe26f73e9a24a8a8125b7d533275edf251865742a4797fd792bc909004cfa
                                                                                        • Instruction Fuzzy Hash: 231129766001219BD7049FA5EC40ED733B4EB8023CB140728EA6887BA0E738ED46C7D0
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|nn:scanner,?,?,?), ref: 6CCB87E8
                                                                                        • PyObject_Malloc.PYTHON27(00000368), ref: 6CCB8801
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCB880D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_Err_MallocMemoryObject_ParseSizeTuple_
                                                                                        • String ID: O|nn:scanner
                                                                                        • API String ID: 3578119790-1243287501
                                                                                        • Opcode ID: 8030992d30af4af4cc7b0ab64cdca8c975dfcdfbcbfbc915447500834e09f1e0
                                                                                        • Instruction ID: 405cf32d687df6da9890d8c3188be994043b2cd9e634a5da5cd3035ae035def1
                                                                                        • Opcode Fuzzy Hash: 8030992d30af4af4cc7b0ab64cdca8c975dfcdfbcbfbc915447500834e09f1e0
                                                                                        • Instruction Fuzzy Hash: DC2196B2A04109AFCB00DFD9DC809DAB7BCEB44728B148297E8199B645E631D90587E1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:latin_1_encode,?,?), ref: 6CCA2F9E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2FB4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_FromObjectParseSizeTuple_Unicode
                                                                                        • String ID: O|z:latin_1_encode
                                                                                        • API String ID: 22654875-4126519268
                                                                                        • Opcode ID: 9b4481cb051b96d9312547446b13751ff7d2f6ee1e1c7c06e3826830442a3abb
                                                                                        • Instruction ID: d8d51e4292aeaf4be480d50341171c520791442b72499db666e4c2b42dcfe04c
                                                                                        • Opcode Fuzzy Hash: 9b4481cb051b96d9312547446b13751ff7d2f6ee1e1c7c06e3826830442a3abb
                                                                                        • Instruction Fuzzy Hash: 3221E4B5A00105AFD700DB99DC49E8E77B8EF88324F1442A4E80C97751F730EE0AC7A1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:ascii_encode,?,?), ref: 6CCA304E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA3064
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_FromObjectParseSizeTuple_Unicode
                                                                                        • String ID: O|z:ascii_encode
                                                                                        • API String ID: 22654875-646729116
                                                                                        • Opcode ID: 915534edd3aade9dd63d193ae9bd2ca1b3f0d3aa75a5ca8d8cf11691bdf15621
                                                                                        • Instruction ID: 5a1db56a91d1296aae5a050dfcc69db0808440ea0e7c1b1aa08e903a0738fb50
                                                                                        • Opcode Fuzzy Hash: 915534edd3aade9dd63d193ae9bd2ca1b3f0d3aa75a5ca8d8cf11691bdf15621
                                                                                        • Instruction Fuzzy Hash: 9C21B4B5A00105AFD700DB99DC45E9A77F8EF84324F1942A4E80C97751F731EE0AC7A1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,O|z:unicode_escape_encode,?,?), ref: 6CCA2E3E
                                                                                        • PyUnicodeUCS2_FromObject.PYTHON27(?), ref: 6CCA2E54
                                                                                        Strings
                                                                                        • O|z:unicode_escape_encode, xrefs: 6CCA2E31
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_FromObjectParseSizeTuple_Unicode
                                                                                        • String ID: O|z:unicode_escape_encode
                                                                                        • API String ID: 22654875-2688519145
                                                                                        • Opcode ID: 0f6b11d04c469403b7e9c18bbb711150e32adb4ba635d041c5a467ae5b4909d9
                                                                                        • Instruction ID: de55b2675fe7ba98818e9f027d84dde5e965df7842ee8f32967c305f005ae316
                                                                                        • Opcode Fuzzy Hash: 0f6b11d04c469403b7e9c18bbb711150e32adb4ba635d041c5a467ae5b4909d9
                                                                                        • Instruction Fuzzy Hash: 2011D675A00115AFD700DB99DC59E8E73B9EF84329F2542A4E80C97B50F731EE46C7A1
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,?,6CD2B400,?,00000000,?), ref: 6CD2E4F1
                                                                                        Strings
                                                                                        • '%.200s' object does not support item assignment, xrefs: 6CD2E54F
                                                                                        • null argument to internal routine, xrefs: 6CD2E4EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: '%.200s' object does not support item assignment$null argument to internal routine
                                                                                        • API String ID: 1450464846-3379225667
                                                                                        • Opcode ID: be67a136d40d704f7964dfd21dbe2c85bda8cc47d3e619a82500c5d348ecc0e9
                                                                                        • Instruction ID: d6abf46a5158d470689513cae647a3114022a1cded1aa64d3b64bb3b61c5bb32
                                                                                        • Opcode Fuzzy Hash: be67a136d40d704f7964dfd21dbe2c85bda8cc47d3e619a82500c5d348ecc0e9
                                                                                        • Instruction Fuzzy Hash: 0311A77A7106109BC700CFA9FC80D5673B8EFC4639714472AEA2C87EA0E635E94586A0
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,?,6CD2B4E5,?,00000000), ref: 6CD2E591
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2E58B
                                                                                        • '%.200s' object doesn't support item deletion, xrefs: 6CD2E5ED
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: '%.200s' object doesn't support item deletion$null argument to internal routine
                                                                                        • API String ID: 1450464846-2772571300
                                                                                        • Opcode ID: c83f70a25181ed1f20b4988ac2c960cdb9debb1ab37ffa0c97595253ee6a2dd3
                                                                                        • Instruction ID: e35db0cd26640e17be80eb428c77f23490bafc1e9f0dab3087dde4afad3a6a5a
                                                                                        • Opcode Fuzzy Hash: c83f70a25181ed1f20b4988ac2c960cdb9debb1ab37ffa0c97595253ee6a2dd3
                                                                                        • Instruction Fuzzy Hash: 2011E97A7145009BC710CB7AFC80A5673B8DFC463DB140726FA2C87EA0E735E95586E0
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,s#|z:readbuffer_encode,?,?,?), ref: 6CCA26D2
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,?), ref: 6CCA26EE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_FromParseStringString_Tuple_
                                                                                        • String ID: s#|z:readbuffer_encode
                                                                                        • API String ID: 2714287502-3227709264
                                                                                        • Opcode ID: 81e95a4dcedf824328dcb14a4abb89a4ab79d4f88ce35ed038c9f26b81f21bb6
                                                                                        • Instruction ID: 68484161246bd845ed98a4c897e066db00fb9a3df52f07f0231933eb1088273e
                                                                                        • Opcode Fuzzy Hash: 81e95a4dcedf824328dcb14a4abb89a4ab79d4f88ce35ed038c9f26b81f21bb6
                                                                                        • Instruction Fuzzy Hash: 98019EB6A001196BCB10DADAAC45DDA77BCEB84229F0442A5EC1CC7B40F6309A19C3E1
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,t#|z:charbuffer_encode,?,?,?), ref: 6CCA2752
                                                                                        • PyString_FromStringAndSize.PYTHON27(?,?), ref: 6CCA276E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Size$Arg_FromParseStringString_Tuple_
                                                                                        • String ID: t#|z:charbuffer_encode
                                                                                        • API String ID: 2714287502-2725689005
                                                                                        • Opcode ID: 1d6b999936615cb5f7903b1e4106d3ff3153248fb226b5ba5c240753faacc09b
                                                                                        • Instruction ID: 895e5c6f7c5b8e482d01712dcfb8a04eea37a0dd6b7c4054b1d27463327b2490
                                                                                        • Opcode Fuzzy Hash: 1d6b999936615cb5f7903b1e4106d3ff3153248fb226b5ba5c240753faacc09b
                                                                                        • Instruction Fuzzy Hash: CF019EB6A0011A6BCB10DBDAAC45DDA77BCDB95229F0442A5EC1CC3B40F6319A1983E1
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BF71
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BF83
                                                                                        • _PyErr_BadInternalCall.PYTHON27(..\Objects\setobject.c,00000925), ref: 6CD6BF99
                                                                                          • Part of subcall function 6CDC0890: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,?,6CD6BD4E,?,6CD6BD4E,..\Objects\setobject.c,000008F0), ref: 6CDC08AA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_SubtypeType_$CallFormatInternal
                                                                                        • String ID: ..\Objects\setobject.c
                                                                                        • API String ID: 3748510839-1817486985
                                                                                        • Opcode ID: 45572fd30b4897e2366e71ced65969ffee0e928474987418665834ef13233c6f
                                                                                        • Instruction ID: 90f4e8d27a8f73a09f261cdd965611284468e168d479906fafb522028a7d8d86
                                                                                        • Opcode Fuzzy Hash: 45572fd30b4897e2366e71ced65969ffee0e928474987418665834ef13233c6f
                                                                                        • Instruction Fuzzy Hash: 3A01D876600105BB8A00974AFC419D973AD9F8417EF158121F81CDBFE1E372F95685E1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(-Infinity,?,?,?,?,6CCAD862,FFFFFFFD,0000003A,?,?), ref: 6CCAD0F9
                                                                                        • PyString_InternInPlace.PYTHON27(?,?), ref: 6CCAD10C
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(?,?,00000000,?,?,?), ref: 6CCAD12E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$ArgsCallFromFunctionInternObject_PlaceString
                                                                                        • String ID: -Infinity
                                                                                        • API String ID: 4070845078-3424019370
                                                                                        • Opcode ID: 2b0c8ebd2fafefe24145040cdd019c3d98813896385f9fe7694ea595a8c3a5a1
                                                                                        • Instruction ID: ab2a270c28d9bd006f6adf04d9dbf5ce0cd14d63f22b428c83d5e897614957f8
                                                                                        • Opcode Fuzzy Hash: 2b0c8ebd2fafefe24145040cdd019c3d98813896385f9fe7694ea595a8c3a5a1
                                                                                        • Instruction Fuzzy Hash: 3301A7B2A012056BD710DF99DC4199BB3A8EF85338B140269ED1D87740F631EE16C7E1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD2B564
                                                                                        • PyObject_DelItem.PYTHON27(?,00000000), ref: 6CD2B57B
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2B5B3
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2B5AD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Err_FromItemObject_String_
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 1374695092-2212441169
                                                                                        • Opcode ID: fc4f5d14d2aba666d6410d966c3c96ef682f1aecff97136ed2e023413265419e
                                                                                        • Instruction ID: a2e6de93a3f164bec92182c9691aafcb5aec26ae8edd0db9cc443addf0c03079
                                                                                        • Opcode Fuzzy Hash: fc4f5d14d2aba666d6410d966c3c96ef682f1aecff97136ed2e023413265419e
                                                                                        • Instruction Fuzzy Hash: CE01F976B04504A7C7005B6EEC4098633B9DFC537CB140725F62D8BBE0E779E94586E0
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Python\pystrtod.c,000004D5), ref: 6CDD1DE4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Python\pystrtod.c$e
                                                                                        • API String ID: 376477240-3173659257
                                                                                        • Opcode ID: feab6570db74229254da4915328084d4ff3187b4fa1db782275a8dac526063f2
                                                                                        • Instruction ID: 93c7ea383535f61ab94bd25b2924b54cac3a9695041df830812b48e8e4b59dc2
                                                                                        • Opcode Fuzzy Hash: feab6570db74229254da4915328084d4ff3187b4fa1db782275a8dac526063f2
                                                                                        • Instruction Fuzzy Hash: 77014763A105685BC700AEA8CC42DE737FCDB09224F054A85FD60E3351EB38DD2143E2
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2EF81
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD2EF90
                                                                                        • PyObject_SetItem.PYTHON27(?,00000000,?), ref: 6CD2EFAE
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2EF7B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Err_FromItemObject_String_
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 1374695092-2212441169
                                                                                        • Opcode ID: 0bb0ccd7b728be710fa9264f6ce51b61b44f654f1bff6ed3eb0ce6747a5ad6c9
                                                                                        • Instruction ID: 33e348083df63f39317c9f6b426d73f25004bd009674831b5695a397e527487f
                                                                                        • Opcode Fuzzy Hash: 0bb0ccd7b728be710fa9264f6ce51b61b44f654f1bff6ed3eb0ce6747a5ad6c9
                                                                                        • Instruction Fuzzy Hash: E301D676A0021497C720DBBAAC4498733A9DB8137DB140725F92C87F90E739E94586E0
                                                                                        APIs
                                                                                        • _PyObject_CallFunction_SizeT.PYTHON27(6CEE5F20,su#nns,?,00000000,00000000,6CD57763,6CD57763,000000FF,000000FF,?,6CD8A9E5,00000000,00000000,?,00000000,?), ref: 6CD8A904
                                                                                          • Part of subcall function 6CD2F2F0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F317
                                                                                        • PyUnicodeEncodeError_SetReason.PYTHON27(000000FF,000000FF,000000FF,?,6CD8A9E5,00000000,00000000,?,00000000,?,?,6CD57763,?,6CD8D75E,6CD57763,6CD57763), ref: 6CD8A91C
                                                                                        Strings
                                                                                        • _lsys.float_infoA structseq holding information about the float type. It contains low levelinformation about the precision and internal representation. Please studyyour system's :file:`float.h` for more information., xrefs: 6CD8A8F7
                                                                                        • su#nns, xrefs: 6CD8A8FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallEncodeErr_Error_Function_Object_ReasonSizeStringUnicode
                                                                                        • String ID: _lsys.float_infoA structseq holding information about the float type. It contains low levelinformation about the precision and internal representation. Please studyyour system's :file:`float.h` for more information.$su#nns
                                                                                        • API String ID: 334710814-2788084165
                                                                                        • Opcode ID: 67c4208f1df0374908639a85bf26282f5a67971e2c9025f77af2429274d840af
                                                                                        • Instruction ID: af4d9158b0f4eeda35ba644548f758d285b57d9e3c30b951d49568b164b74641
                                                                                        • Opcode Fuzzy Hash: 67c4208f1df0374908639a85bf26282f5a67971e2c9025f77af2429274d840af
                                                                                        • Instruction Fuzzy Hash: 60014FB5505202AFE754CF9AEC40D5277F8AF99328B21461DF99CC76A0E731E841CB60
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: isdigitmallocmemmove
                                                                                        • String ID: $Revision$
                                                                                        • API String ID: 1441860961-3178937091
                                                                                        • Opcode ID: 8dd1bd94cfbe7fce0b2eb527b6d0eec1f9492531ab076820e253318bd5ca2f1f
                                                                                        • Instruction ID: 4302d7a7aa1c0a1db9e53754df362a2229a0fe0957e6b4e8faec5026e2573270
                                                                                        • Opcode Fuzzy Hash: 8dd1bd94cfbe7fce0b2eb527b6d0eec1f9492531ab076820e253318bd5ca2f1f
                                                                                        • Instruction Fuzzy Hash: ED0149101096831EF7210AA54C887677FB8AB8B31CF140065DCD583502E225D447DBB8
                                                                                        APIs
                                                                                        • PyArg_ParseTuple.PYTHON27(?,ss:addinfo,?,?), ref: 6CCAA0DA
                                                                                        • PyErr_SetString.PYTHON27(?,profiler already closed), ref: 6CCAA0FC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Arg_Err_ParseStringTuple
                                                                                        • String ID: profiler already closed$ss:addinfo
                                                                                        • API String ID: 385655187-3850335802
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\unicodeobject.c,00000457,00000000,?,?,6CCAFC12,?,00000000,?), ref: 6CD87824
                                                                                        • memcpy.MSVCR90(?,?,?,00000000,?,?,6CCAFC12,?,00000000,?), ref: 6CD8784E
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD8781E
                                                                                        • ..\Objects\unicodeobject.c, xrefs: 6CD87819
                                                                                        Similarity
                                                                                        • API ID: Err_Formatmemcpy
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\unicodeobject.c
                                                                                        • API String ID: 347768829-2140310296
                                                                                        APIs
                                                                                        • PyLong_AsLongAndOverflow.PYTHON27(6CD5046B,?,-000000FF,00000000,6CD5046B,00000000), ref: 6CD5D894
                                                                                          • Part of subcall function 6CD5D640: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,000000F4), ref: 6CD5D67A
                                                                                        • PyString_FromString.PYTHON27(Python int too large to convert to C int), ref: 6CD5D8B9
                                                                                        • PyErr_SetObject.PYTHON27(6CEE63F8,00000000,?,-000000FF,00000000,6CD5046B,00000000), ref: 6CD5D8C5
                                                                                        Strings
                                                                                        • Python int too large to convert to C int, xrefs: 6CD5D8B4
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatFromLongLong_ObjectOverflowStringString_
                                                                                        • String ID: Python int too large to convert to C int
                                                                                        • API String ID: 2904087310-2521127726
                                                                                        APIs
                                                                                        • PyLong_AsLongAndOverflow.PYTHON27(6CD571C0,?,?,00000000,?,?,?,6CD571C0,00000000,?,00000000), ref: 6CD5D823
                                                                                          • Part of subcall function 6CD5D640: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\longobject.c,000000F4), ref: 6CD5D67A
                                                                                        • PyString_FromString.PYTHON27(Python int too large to convert to C long), ref: 6CD5D83F
                                                                                        • PyErr_SetObject.PYTHON27(6CEE63F8,00000000,?,6CD571C0,00000000,?,00000000), ref: 6CD5D84B
                                                                                        Strings
                                                                                        • Python int too large to convert to C long, xrefs: 6CD5D83A
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatFromLongLong_ObjectOverflowStringString_
                                                                                        • String ID: Python int too large to convert to C long
                                                                                        • API String ID: 2904087310-1537553212
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2D4F0
                                                                                        Strings
                                                                                        • bad operand type for unary +: '%.200s', xrefs: 6CD2D51E
                                                                                        • null argument to internal routine, xrefs: 6CD2D4EA
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: bad operand type for unary +: '%.200s'$null argument to internal routine
                                                                                        • API String ID: 1450464846-2582373171
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2D490
                                                                                        Strings
                                                                                        • bad operand type for unary -: '%.200s', xrefs: 6CD2D4BE
                                                                                        • null argument to internal routine, xrefs: 6CD2D48A
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: bad operand type for unary -: '%.200s'$null argument to internal routine
                                                                                        • API String ID: 1450464846-3866959385
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2D5B0
                                                                                        Strings
                                                                                        • bad operand type for abs(): '%.200s', xrefs: 6CD2D5DE
                                                                                        • null argument to internal routine, xrefs: 6CD2D5AA
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: bad operand type for abs(): '%.200s'$null argument to internal routine
                                                                                        • API String ID: 1450464846-3968165083
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2D550
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2D54A
                                                                                        • bad operand type for unary ~: '%.200s', xrefs: 6CD2D57E
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: bad operand type for unary ~: '%.200s'$null argument to internal routine
                                                                                        • API String ID: 1450464846-122179322
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,6CD2B11B,?), ref: 6CD2EE90
                                                                                        Strings
                                                                                        • object of type '%.200s' has no len(), xrefs: 6CD2EEBE
                                                                                        • null argument to internal routine, xrefs: 6CD2EE8A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: null argument to internal routine$object of type '%.200s' has no len()
                                                                                        • API String ID: 1450464846-3626758343
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2DF90
                                                                                        Strings
                                                                                        • object of type '%.200s' has no len(), xrefs: 6CD2DFBE
                                                                                        • null argument to internal routine, xrefs: 6CD2DF8A
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: null argument to internal routine$object of type '%.200s' has no len()
                                                                                        • API String ID: 1450464846-3626758343
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,PyCapsule_GetPointer called with invalid PyCapsule object), ref: 6CD391E6
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,PyCapsule_GetPointer called with incorrect name), ref: 6CD3920E
                                                                                        Strings
                                                                                        • PyCapsule_GetPointer called with invalid PyCapsule object, xrefs: 6CD391E0
                                                                                        • PyCapsule_GetPointer called with incorrect name, xrefs: 6CD39208
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: PyCapsule_GetPointer called with incorrect name$PyCapsule_GetPointer called with invalid PyCapsule object
                                                                                        • API String ID: 1450464846-428115879
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(00000000,'%c' format requires 0 <= number <= %zu), ref: 6CCB8E0D
                                                                                        • PyErr_Format.PYTHON27(00000000,'%c' format requires %zd <= number <= %zd), ref: 6CCB8E2F
                                                                                        Strings
                                                                                        • '%c' format requires %zd <= number <= %zd, xrefs: 6CCB8E29
                                                                                        • '%c' format requires 0 <= number <= %zu, xrefs: 6CCB8E07
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: '%c' format requires %zd <= number <= %zd$'%c' format requires 0 <= number <= %zu
                                                                                        • API String ID: 376477240-2382652346
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BD21
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BD33
                                                                                        • _PyErr_BadInternalCall.PYTHON27(..\Objects\setobject.c,000008F0), ref: 6CD6BD49
                                                                                          • Part of subcall function 6CDC0890: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,?,6CD6BD4E,?,6CD6BD4E,..\Objects\setobject.c,000008F0), ref: 6CDC08AA
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_SubtypeType_$CallFormatInternal
                                                                                        • String ID: ..\Objects\setobject.c
                                                                                        • API String ID: 3748510839-1817486985
                                                                                        APIs
                                                                                        • PyFloat_AsDouble.PYTHON27(?), ref: 6CCB9EDA
                                                                                          • Part of subcall function 6CD50B70: PyType_IsSubtype.PYTHON27(04C48318,?,?,00000000,?,6CD40CAA,?,?,?,?), ref: 6CD50B90
                                                                                        • PyErr_SetString.PYTHON27(00000000,required argument is not a float), ref: 6CCB9F0B
                                                                                        • _PyFloat_Pack4.PYTHON27(?,00000001), ref: 6CCB9F26
                                                                                        Strings
                                                                                        • required argument is not a float, xrefs: 6CCB9F05
                                                                                        Similarity
                                                                                        • API ID: Float_$DoubleErr_Pack4StringSubtypeType_
                                                                                        • String ID: required argument is not a float
                                                                                        • API String ID: 2049945616-2628405891
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BE8B
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,0000090E), ref: 6CD6BEAC
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6BEA6
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6BEA1
                                                                                        Similarity
                                                                                        • API ID: Err_FormatSubtypeType_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 2789853835-1012936799
                                                                                        APIs
                                                                                        • PyFloat_AsDouble.PYTHON27(?), ref: 6CCB9F4A
                                                                                          • Part of subcall function 6CD50B70: PyType_IsSubtype.PYTHON27(04C48318,?,?,00000000,?,6CD40CAA,?,?,?,?), ref: 6CD50B90
                                                                                        • PyErr_SetString.PYTHON27(00000000,required argument is not a float), ref: 6CCB9F7B
                                                                                        • _PyFloat_Pack8.PYTHON27(?,00000001), ref: 6CCB9F96
                                                                                        Strings
                                                                                        • required argument is not a float, xrefs: 6CCB9F75
                                                                                        Similarity
                                                                                        • API ID: Float_$DoubleErr_Pack8StringSubtypeType_
                                                                                        • String ID: required argument is not a float
                                                                                        • API String ID: 2598805623-2628405891
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 2l
                                                                                        • API String ID: 0-3240831333
                                                                                        • Opcode ID: 0bc5bd63b29c9b3e2159e4fe4472a854c37283cf1a5c9106ac20ce13b7fdafb0
                                                                                        • Instruction ID: 7519b55253c335867c1dbae8ff15d2592edf88e7945fe2b8d021604571de8d18
                                                                                        • Opcode Fuzzy Hash: 0bc5bd63b29c9b3e2159e4fe4472a854c37283cf1a5c9106ac20ce13b7fdafb0
                                                                                        • Instruction Fuzzy Hash: CEF02762900604424A10272AAC0299633AC9F146DCB404769DD849AA20FB22E919C2F6
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6BD7B
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,000008FA), ref: 6CD6BD9C
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6BD96
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6BD91
                                                                                        Similarity
                                                                                        • API ID: Err_FormatSubtypeType_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 2789853835-1012936799
                                                                                        • Opcode ID: ffd0d8cb627d69c0f5a21619b3280baec486e7d000b5b9ff07beaffb7605044a
                                                                                        • Instruction ID: 9e00295c79164fb4049b55d6b25208b70f79a0dcf4452e51ea916287d320a86b
                                                                                        • Opcode Fuzzy Hash: ffd0d8cb627d69c0f5a21619b3280baec486e7d000b5b9ff07beaffb7605044a
                                                                                        • Instruction Fuzzy Hash: 1CE0E5A6954204678A00A7A9EC03896337C8B0527DF144BA6FC2DDBFD2FA55F91086E2
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6C0AB
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,00000942), ref: 6CD6C0CC
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6C0C6
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6C0C1
                                                                                        Similarity
                                                                                        • API ID: Err_FormatSubtypeType_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 2789853835-1012936799
                                                                                        • Opcode ID: b1f953c102fed406a497eb5baeeebbd26208a7c4db8c353966bceecf664a6cd5
                                                                                        • Instruction ID: b49dd5923281a17ccb7c3ca971f1649035d3391de66cfcc1b672e44ee2233a28
                                                                                        • Opcode Fuzzy Hash: b1f953c102fed406a497eb5baeeebbd26208a7c4db8c353966bceecf664a6cd5
                                                                                        • Instruction Fuzzy Hash: 67E0ABA2A04204278A00B7E97C03CD733BC8705138F004A56FC1CD7F42FA11FD1181E2
                                                                                        APIs
                                                                                        • PyType_IsSubtype.PYTHON27(?,?), ref: 6CD6C10B
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\setobject.c,0000094C), ref: 6CD6C12C
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6C126
                                                                                        • ..\Objects\setobject.c, xrefs: 6CD6C121
                                                                                        Similarity
                                                                                        • API ID: Err_FormatSubtypeType_
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\setobject.c
                                                                                        • API String ID: 2789853835-1012936799
                                                                                        • Opcode ID: 1b933c32df4c6231f002161b34a6805ab563f96d608f53e2f3cf5971e4a3c46a
                                                                                        • Instruction ID: 8024e74652dc30eb6291ae4bf246c04b3bfc0d2dc3f190252f0b7c501ef7ec59
                                                                                        • Opcode Fuzzy Hash: 1b933c32df4c6231f002161b34a6805ab563f96d608f53e2f3cf5971e4a3c46a
                                                                                        • Instruction Fuzzy Hash: 11F0E562A04204678A00FBAAEC82C5577AC970517CF608755FC2CCBFD3EA25E91085F1
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(PyEval_RestoreThread: NULL tstate,?,?,6CDC67F6,00000000,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE550
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • _errno.MSVCR90 ref: 6CDAE569
                                                                                        • _errno.MSVCR90 ref: 6CDAE585
                                                                                        Strings
                                                                                        • PyEval_RestoreThread: NULL tstate, xrefs: 6CDAE54B
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func_errno$ErrorFatalabortfflushfprintf
                                                                                        • String ID: PyEval_RestoreThread: NULL tstate
                                                                                        • API String ID: 2486884445-2925922187
                                                                                        • Opcode ID: ab9efb8a8c3e2cbc08383c36ef9a621b2105fdf0f912a6ea66b8db492d0f3724
                                                                                        • Instruction ID: a655d508a440f010c6872d9c9aec5c489e6cd70e28aa667dda446a640bc12bd2
                                                                                        • Opcode Fuzzy Hash: ab9efb8a8c3e2cbc08383c36ef9a621b2105fdf0f912a6ea66b8db492d0f3724
                                                                                        • Instruction Fuzzy Hash: 4DF02731B101089FDB005F9EEC40A4577BCEB8A278B250136D61497760E731ED05DBF1
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(PyEval_SaveThread: NULL tstate,00000000,6CDC67DA,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE4FA
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 6CDAE516
                                                                                        • SetEvent.KERNEL32(?,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDAE524
                                                                                        Strings
                                                                                        • PyEval_SaveThread: NULL tstate, xrefs: 6CDAE4F5
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func$DecrementErrorEventFatalInterlockedabortfflushfprintf
                                                                                        • String ID: PyEval_SaveThread: NULL tstate
                                                                                        • API String ID: 3971291581-2054007492
                                                                                        • Opcode ID: d8047f73de72c211094f39358f13690a506c0425b8335111d811850ef82b878a
                                                                                        • Instruction ID: 1f181d76c5800eecb10a67d08b88268db46f43d3a3f1fd31a29beaa00676b5ca
                                                                                        • Opcode Fuzzy Hash: d8047f73de72c211094f39358f13690a506c0425b8335111d811850ef82b878a
                                                                                        • Instruction Fuzzy Hash: 2CE06D71B111129BEB908BE9F808B8AB7F8EB49665F058015E518D7B14E324D846C7A1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,"%s" must be an integer,quoting), ref: 6CCA59F0
                                                                                        • PyInt_AsLong.PYTHON27 ref: 6CCA59FE
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_FormatInt_Long
                                                                                        • String ID: "%s" must be an integer$quoting
                                                                                        • API String ID: 651860925-2813207715
                                                                                        • Opcode ID: 4439bff34f802c43c5c0f6c113c1abd096c616d63ef5524dc055cb929ec26012
                                                                                        • Instruction ID: 8a566183097abc5a8c2c955bbf22e927dd165bac6c6f5cb409938050611bfce5
                                                                                        • Opcode Fuzzy Hash: 4439bff34f802c43c5c0f6c113c1abd096c616d63ef5524dc055cb929ec26012
                                                                                        • Instruction Fuzzy Hash: D0E0E5B0A10204ABD604CBB4E848A1933799B4433CF20C754E52C4BBD0E736E89AD745
                                                                                        APIs
                                                                                        • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CDD0697,00000000), ref: 6CDD0746
                                                                                        • TlsSetValue.KERNEL32(?,6CDD0697,?,6CDD0697,00000000), ref: 6CDD0755
                                                                                        • Py_FatalError.PYTHON27(Couldn't create autoTLSkey mapping,?,6CDD0697,00000000), ref: 6CDD0764
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        Strings
                                                                                        • Couldn't create autoTLSkey mapping, xrefs: 6CDD075F
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$Value__iob_func$ErrorFatalabortfflushfprintf
                                                                                        • String ID: Couldn't create autoTLSkey mapping
                                                                                        • API String ID: 3273730768-18693100
                                                                                        • Opcode ID: 6b660e9437eecec0e19050abea6542ade4b11658b79bd0b4ccf4aa56d265b2c5
                                                                                        • Instruction ID: cf26dd8b56a588e6ba66f62d704491400ad4d420bce722f4e0823924d7a6c460
                                                                                        • Opcode Fuzzy Hash: 6b660e9437eecec0e19050abea6542ade4b11658b79bd0b4ccf4aa56d265b2c5
                                                                                        • Instruction Fuzzy Hash: 00E09231B00151BBD6617B96984CF573FBCABC63D8F550024F50986610E379B485CBA1
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(non-string found in code slot,?,?,6CD3F1C4), ref: 6CD3EF84
                                                                                        • PyString_InternInPlace.PYTHON27(?,6CD3F1C4), ref: 6CD3EF8D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalInternPlaceString_
                                                                                        • String ID: hl$non-string found in code slot
                                                                                        • API String ID: 3605443080-919895464
                                                                                        • Opcode ID: a5dcbb64270cb81697d236966edfe205fcacaeb3b3cac466c78f60196c496dad
                                                                                        • Instruction ID: b8b575d2b5fa7777ff47e50aeada243f2c915df273b2db0280b81c7ed1e30e02
                                                                                        • Opcode Fuzzy Hash: a5dcbb64270cb81697d236966edfe205fcacaeb3b3cac466c78f60196c496dad
                                                                                        • Instruction Fuzzy Hash: 95E0DF339011304BA200472CAC00A9AB7E55F822283174169DC2DA7F75DAB0EC8A81E2
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5248,internal error in regular expression user), ref: 6CCB5FEA
                                                                                        • PyErr_SetString.PYTHON27(6CEE5248,maximum recursion limit exceeded), ref: 6CCB5FFF
                                                                                        Strings
                                                                                        • internal error in regular expression engine, xrefs: 6CCB5FE4
                                                                                        • maximum recursion limit exceeded, xrefs: 6CCB5FF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_String
                                                                                        • String ID: internal error in regular expression user$maximum recursion limit exceeded
                                                                                        • API String ID: 1450464846-628104037
                                                                                        • Opcode ID: 35263df3800e99ddf4bfaf9909e03a799cbe3984cdf4b42841a7b839296b3687
                                                                                        • Instruction ID: a798be08f057bd1f23dcc23022d009a2f4344b5adbba447cec57e51fb526bf3b
                                                                                        • Opcode Fuzzy Hash: 35263df3800e99ddf4bfaf9909e03a799cbe3984cdf4b42841a7b839296b3687
                                                                                        • Instruction Fuzzy Hash: 87D05E9ED07A00538C1153F8AC90D183238275A67DBB40F01F039E2EF1F73AD0598266
                                                                                        APIs
                                                                                        • PySequence_List.PYTHON27(?), ref: 6CCA3825
                                                                                          • Part of subcall function 6CD2E960: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E985
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA385D
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA3924
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA3930
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ClearExceptionGivenIterListMatchesObject_Sequence_String
                                                                                        • String ID:
                                                                                        • API String ID: 4113104371-0
                                                                                        • Opcode ID: 0cc102c2aaf55e5bfe73fee0ce0a5b05c0ff5547e6d745ef7abddc745176bfa6
                                                                                        • Instruction ID: ae9c6ff032a3f756eccdb92cd91ed49f97b770534d1498d81e983a383ff42d2a
                                                                                        • Opcode Fuzzy Hash: 0cc102c2aaf55e5bfe73fee0ce0a5b05c0ff5547e6d745ef7abddc745176bfa6
                                                                                        • Instruction Fuzzy Hash: 3541A6B1A006025BD714CFA9D898A96B3B4FB45338F184329DD2887B90F735E957C7D1
                                                                                        APIs
                                                                                        • PySequence_List.PYTHON27(?), ref: 6CCA39A5
                                                                                          • Part of subcall function 6CD2E960: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2E985
                                                                                        • PyObject_GetIter.PYTHON27(?), ref: 6CCA39DD
                                                                                        • PyErr_GivenExceptionMatches.PYTHON27(?,6CEE4978), ref: 6CCA3A9A
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CCA3AA6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ClearExceptionGivenIterListMatchesObject_Sequence_String
                                                                                        • String ID:
                                                                                        • API String ID: 4113104371-0
                                                                                        • Opcode ID: 84efacc886474e7acc02351530017df12a120314ff8f286737a32f33554f216f
                                                                                        • Instruction ID: a4daf4d8c09310c8f5d566b4a6d7b17f8785330bb95718dc20593ded007c4d48
                                                                                        • Opcode Fuzzy Hash: 84efacc886474e7acc02351530017df12a120314ff8f286737a32f33554f216f
                                                                                        • Instruction Fuzzy Hash: 4941CFB6A006129BC3008FE5D895B96B3B4FB45338B184329D92887B81E735EC97C7E1
                                                                                        APIs
                                                                                        • PyErr_NoMemory.PYTHON27(6CD3F060,00000000,?,?,?,?,?,?,?,?,?,?,?,6CD6978E,00000000,850C2444), ref: 6CD68F70
                                                                                        • malloc.MSVCR90 ref: 6CD68FE3
                                                                                        • memset.MSVCR90 ref: 6CD69004
                                                                                        • free.MSVCR90 ref: 6CD69067
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Memoryfreemallocmemset
                                                                                        • String ID:
                                                                                        • API String ID: 3371104938-0
                                                                                        • Opcode ID: 26377036828473668a88bff179f341ef3bb0e3191bcac2973b76288d99fb9d16
                                                                                        • Instruction ID: 9f359cc6bd9ff8e766bb5d3125a158ae543801b420c48f56a44cee66b323c393
                                                                                        • Opcode Fuzzy Hash: 26377036828473668a88bff179f341ef3bb0e3191bcac2973b76288d99fb9d16
                                                                                        • Instruction Fuzzy Hash: A1319571A00205DBE710CF66D8C078AB7F9EF85328F14462AD95987E60E772E989CB91
                                                                                        APIs
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CCAAF8A
                                                                                        • _PyString_Resize.PYTHON27(?,7FFFFFFF), ref: 6CCAB010
                                                                                        • _PyString_Resize.PYTHON27(?,00000002), ref: 6CCAB039
                                                                                        • PyErr_NoMemory.PYTHON27 ref: 6CCAB061
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: String_$Resize$Err_FromMemorySizeString
                                                                                        • String ID:
                                                                                        • API String ID: 1823809671-0
                                                                                        • Opcode ID: 461fd2bc899663d6d4c01dac9ff3825c3a25ddbd50b46cf82d3d317e29ec1094
                                                                                        • Instruction ID: 704e44fc00be612929f48fc0a9a45d0ba247aa55b0f57ef502a2fcef5d476f49
                                                                                        • Opcode Fuzzy Hash: 461fd2bc899663d6d4c01dac9ff3825c3a25ddbd50b46cf82d3d317e29ec1094
                                                                                        • Instruction Fuzzy Hash: 5D31D6B190010B9BCB10CFE5C884ADEB7F4EB85328F6042A9D42597B94E7319547CB71
                                                                                        APIs
                                                                                          • Part of subcall function 6CCA9090: malloc.MSVCR90 ref: 6CCA90B0
                                                                                          • Part of subcall function 6CCA9090: PyErr_NoMemory.PYTHON27 ref: 6CCA90BF
                                                                                          • Part of subcall function 6CCA9090: fgetc.MSVCR90 ref: 6CCA90E7
                                                                                          • Part of subcall function 6CCA9090: PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CCA90FF
                                                                                          • Part of subcall function 6CCA9090: free.MSVCR90 ref: 6CCA910C
                                                                                        • PyDict_GetItem.PYTHON27(?,?), ref: 6CCA9180
                                                                                        • PyList_New.PYTHON27(00000000), ref: 6CCA9193
                                                                                          • Part of subcall function 6CD593A0: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,0000007E,?,?,?,?,?,6CD45BB1,?,?,?,?,6CD467DF,?), ref: 6CD593C3
                                                                                        • PyDict_SetItem.PYTHON27(?,?,00000000), ref: 6CCA91A7
                                                                                        • PyList_Append.PYTHON27(00000000,?), ref: 6CCA921A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_Err_ItemList_$AppendFormatFromMemorySizeStringString_fgetcfreemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 1085706943-0
                                                                                        • Opcode ID: a5f486c402d1547218ecd3b063dbb05f99a56bff58128d70b14961f654c9030b
                                                                                        • Instruction ID: c83938f7a75f0364d97571c6449457b63a6a07843689930822e5038ea55c78a8
                                                                                        • Opcode Fuzzy Hash: a5f486c402d1547218ecd3b063dbb05f99a56bff58128d70b14961f654c9030b
                                                                                        • Instruction Fuzzy Hash: 813190B5D00206ABDB00DFE5DC8999EB778AF05328B244368DA2597781F736DE07C7A1
                                                                                        APIs
                                                                                        • PyString_FromStringAndSize.PYTHON27(00000000,?), ref: 6CD6D6EA
                                                                                        • PyString_AsString.PYTHON27(00000000), ref: 6CD6D6FA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: StringString_$FromSize
                                                                                        • String ID:
                                                                                        • API String ID: 1868944898-0
                                                                                        • Opcode ID: 7752a871fe9511681eb989cc11097eb59172ce232ce1b71cf297ae00bd0f460a
                                                                                        • Instruction ID: da85b52490ae99bd847c029f7a027af9588fd9121bd21661ff9d748732c2e422
                                                                                        • Opcode Fuzzy Hash: 7752a871fe9511681eb989cc11097eb59172ce232ce1b71cf297ae00bd0f460a
                                                                                        • Instruction Fuzzy Hash: 93218675E0420DEFCB00CFA9E880AEE7BB4EB45349F244169E809D7B50E730DA44CBA1
                                                                                        APIs
                                                                                        • PyObject_GetItem.PYTHON27(?,?,?,?,?,?,6CD556D7,?,00000001,?), ref: 6CD55482
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD55490
                                                                                        • PyCell_Set.PYTHON27(00000000,00000000), ref: 6CD554AA
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD554B6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearErr_$Cell_ItemObject_
                                                                                        • String ID:
                                                                                        • API String ID: 3031884619-0
                                                                                        • Opcode ID: a288b6bd9abaf36f3841041a24922fccdaa31430cbe23dce4e7341a2d5c638b4
                                                                                        • Instruction ID: 84a924313b0f4019468946280c0b0d20f943ce17835aa034acb010e2986a328e
                                                                                        • Opcode Fuzzy Hash: a288b6bd9abaf36f3841041a24922fccdaa31430cbe23dce4e7341a2d5c638b4
                                                                                        • Instruction Fuzzy Hash: 6521F671902611DBCF228F94C84099AB3A8AF4172AB64436DDC244B7B0E734E961D6F2
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: free
                                                                                        • String ID: 2l$2l$2l
                                                                                        • API String ID: 1294909896-3196281428
                                                                                        • Opcode ID: 55dc643e6571806c344958305ae7ce3570d78e88523d95c28e6490a0870f6123
                                                                                        • Instruction ID: acf797fafc850cdb4de203dbdc9d10ff9c86bdd526770313563f447515fde532
                                                                                        • Opcode Fuzzy Hash: 55dc643e6571806c344958305ae7ce3570d78e88523d95c28e6490a0870f6123
                                                                                        • Instruction Fuzzy Hash: 7521BEB6E09200CFCF05CF9AC485745BBB4FB89358F6582AEC5458BA21D332CA91CB80
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(?), ref: 6CD3EDCB
                                                                                        • PyImport_Import.PYTHON27(00000000), ref: 6CD3EDDB
                                                                                        • PyObject_GetAttrString.PYTHON27(00000000,?), ref: 6CD3EDFF
                                                                                        • PyCObject_AsVoidPtr.PYTHON27(00000000), ref: 6CD3EE0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object_String$AttrFromImportImport_String_Void
                                                                                        • String ID:
                                                                                        • API String ID: 372386033-0
                                                                                        • Opcode ID: 77110e976b69f6ba44cf362bcfce5f6268fed25b6077416a713deddafba46f1d
                                                                                        • Instruction ID: 792f6037ba39f6f1696ad6ce86aff3827037d24b38680b5b74acc051774b69a1
                                                                                        • Opcode Fuzzy Hash: 77110e976b69f6ba44cf362bcfce5f6268fed25b6077416a713deddafba46f1d
                                                                                        • Instruction Fuzzy Hash: 450108B39015209BD2119F58AC8089F73A8AF8623CB254338E92D47FD1E725ED07C7D2
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: fflushfreereallocsetvbuf
                                                                                        • String ID:
                                                                                        • API String ID: 3621953076-0
                                                                                        • Opcode ID: 015c085e97baf12047290747a7cd97530d609868bf87f90b62c626fe32c37f8f
                                                                                        • Instruction ID: f5c53796515769c9dccf8010ee067d30f852b1f9ee5e32faacdf35b2c4c829c9
                                                                                        • Opcode Fuzzy Hash: 015c085e97baf12047290747a7cd97530d609868bf87f90b62c626fe32c37f8f
                                                                                        • Instruction Fuzzy Hash: 4511C4B17002019FEB108B39C844B1777BDEB8931AF14C629FB9997B60C537EC428765
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 6CDC6784
                                                                                        • PyThread_allocate_lock.PYTHON27(?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDC679A
                                                                                        • PyEval_SaveThread.PYTHON27(00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDC67D5
                                                                                        • PyEval_RestoreThread.PYTHON27(00000000,00000000,00000000,?,?,6CDCA352,__builtin__,00000000,00000000,00000000,00000000), ref: 6CDC67F1
                                                                                          • Part of subcall function 6CDE79B0: InterlockedCompareExchange.KERNEL32(?,00000000,000000FF), ref: 6CDE79BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$Eval_$CompareCurrentExchangeInterlockedRestoreSaveThread_allocate_lock
                                                                                        • String ID:
                                                                                        • API String ID: 3700328054-0
                                                                                        • Opcode ID: 24879d27c5f07bf4b9d604307bad93110c910421cbe7df8c282a0df8a1e98fa4
                                                                                        • Instruction ID: 97af1fbfa1dddacf97eb98924349a069b5a8ae009f2c40aad7ecb702e2ea4313
                                                                                        • Opcode Fuzzy Hash: 24879d27c5f07bf4b9d604307bad93110c910421cbe7df8c282a0df8a1e98fa4
                                                                                        • Instruction Fuzzy Hash: 14019671F11101C6DB5067B9A8947AE32786F4533DF240739E421C3EE1E776C0178AA2
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,can't unpack IEEE 754 special value on non-IEEE platform), ref: 6CD541DE
                                                                                        • ldexp.MSVCR90 ref: 6CD5427F
                                                                                        Strings
                                                                                        • can't unpack IEEE 754 special value on non-IEEE platform, xrefs: 6CD541D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Stringldexp
                                                                                        • String ID: can't unpack IEEE 754 special value on non-IEEE platform
                                                                                        • API String ID: 1642531332-26340962
                                                                                        • Opcode ID: 79944b6a7afd52ecb990eb3383c63cd31a6ea17b720dc13b8c98a17397edd31e
                                                                                        • Instruction ID: 0565512165c909f895258736ec643d8aa708811e13b7bc5c5a94d497c83cc8f1
                                                                                        • Opcode Fuzzy Hash: 79944b6a7afd52ecb990eb3383c63cd31a6ea17b720dc13b8c98a17397edd31e
                                                                                        • Instruction Fuzzy Hash: A3415032B086649BCB048F2AD85456ABFF1EFCE325F49466EF99997770C630C424C752
                                                                                        APIs
                                                                                        Strings
                                                                                        • PyThreadState_Clear: warning: thread still has a frame, xrefs: 6CDD0797
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: __iob_funcfprintf
                                                                                        • String ID: PyThreadState_Clear: warning: thread still has a frame
                                                                                        • API String ID: 620453056-874985626
                                                                                        • Opcode ID: bf5d3e826d26fffbfaeb8eef48762a9ef6150e6fb51d7b725e31f499af2509a6
                                                                                        • Instruction ID: 491e1d6d0b3f4b02239b390dadae4ddfb89c760caf36de084548089d2ce30cbf
                                                                                        • Opcode Fuzzy Hash: bf5d3e826d26fffbfaeb8eef48762a9ef6150e6fb51d7b725e31f499af2509a6
                                                                                        • Instruction Fuzzy Hash: 0351FD70E00A40DFC710DF69D884856B7B5AFC53687368758D5AA8BEA0D735FC82CB91
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,can't unpack IEEE 754 special value on non-IEEE platform), ref: 6CD540B0
                                                                                        • ldexp.MSVCR90 ref: 6CD54106
                                                                                        Strings
                                                                                        • can't unpack IEEE 754 special value on non-IEEE platform, xrefs: 6CD540AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Stringldexp
                                                                                        • String ID: can't unpack IEEE 754 special value on non-IEEE platform
                                                                                        • API String ID: 1642531332-26340962
                                                                                        • Opcode ID: 589e4e94e41dc8e360c30abd05455426ecd8d43033c558a0cffc409461035eca
                                                                                        • Instruction ID: 1e5548cca05f6bb95cd0f9c64835f8fa9d31915f1ab78e31d3d15ac582396aed
                                                                                        • Opcode Fuzzy Hash: 589e4e94e41dc8e360c30abd05455426ecd8d43033c558a0cffc409461035eca
                                                                                        • Instruction Fuzzy Hash: 7A315D32E09514DBCB005F2DD8446A6BBB4EB86329F54876BFDA8C7661D631C434CB92
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CCA6528
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CCA6560
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CCA655B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalMallocObject_
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 2067638752-3349536495
                                                                                        • Opcode ID: f1b354cd225a9780812b62f79c75993f2181ba143201739ca4e7a53bc045c4c8
                                                                                        • Instruction ID: fb8493ad68cd05d961d38cb9395320d3ca6a52407c1af7c396f666503c4cdf74
                                                                                        • Opcode Fuzzy Hash: f1b354cd225a9780812b62f79c75993f2181ba143201739ca4e7a53bc045c4c8
                                                                                        • Instruction Fuzzy Hash: DF219FB2A106028FCB04CFADD849156BBF4FB49324B10876ED839C7B95E771E456CB90
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(invalid SRE code,00000000,00000000,?,6CCB7406), ref: 6CCB7A79
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5248,00000000,invalid SRE code,00000000,00000000,?,6CCB7406), ref: 6CCB7A82
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: invalid SRE code
                                                                                        • API String ID: 1840871587-2648610507
                                                                                        • Opcode ID: 1f6851667e6ce3b88baad5307f8532aefd785fe9eefda51fb33b4191fb8a8721
                                                                                        • Instruction ID: ba7886ca1237507ee13b44db63ded0bb910a90fb91f3129464cbf9916e1b255c
                                                                                        • Opcode Fuzzy Hash: 1f6851667e6ce3b88baad5307f8532aefd785fe9eefda51fb33b4191fb8a8721
                                                                                        • Instruction Fuzzy Hash: 42118C7260A2104BD72156F5AC405AB7769DB8233DB180769EC09E7E81F231DE84E3F2
                                                                                        APIs
                                                                                        • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON27(?,?,|O:groups,6CF0A204,?), ref: 6CCB7D63
                                                                                        • PyTuple_New.PYTHON27(?), ref: 6CCB7D83
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Arg_Keywords_ParseSizeTupleTuple_
                                                                                        • String ID: |O:groups
                                                                                        • API String ID: 839320981-1302304481
                                                                                        • Opcode ID: 1d3016aa1e6e6e2a194f10be5159951ce18cdb4428bec9b21afc4b04cd7abf36
                                                                                        • Instruction ID: f59756090b9a94a4c2a770ee24ccd88f208e00594ce546c1d630982b54f06dd7
                                                                                        • Opcode Fuzzy Hash: 1d3016aa1e6e6e2a194f10be5159951ce18cdb4428bec9b21afc4b04cd7abf36
                                                                                        • Instruction Fuzzy Hash: EB119675B00119AB9B00DBA9ED419EAB7FDEF84268F1442E5EC0897B00F731ED1597E1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(pop from an empty set,?,?,?,?,?,6CD6C0E1,?), ref: 6CD698AF
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5C10,00000000,pop from an empty set,?,?,?,?,?,6CD6C0E1,?), ref: 6CD698B8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: pop from an empty set
                                                                                        • API String ID: 1840871587-2672739147
                                                                                        • Opcode ID: 8d51adabeb4302985501437e27685d6c8113ae0c77db393108a3c15ccf882767
                                                                                        • Instruction ID: 3d6a7f352f005957499402b5a823e7d6a16c6c9f16fc05d0ba878d542b10b723
                                                                                        • Opcode Fuzzy Hash: 8d51adabeb4302985501437e27685d6c8113ae0c77db393108a3c15ccf882767
                                                                                        • Instruction Fuzzy Hash: D011C335705605DB9720CF16D980866B3B5FB86338B24866ED85A87F60D731E80ACBA1
                                                                                        APIs
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD646D9
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000014), ref: 6CD64713
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD646D4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalMallocObject_
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 2067638752-3349536495
                                                                                        • Opcode ID: 1166ea91ffd05d5d955659a87bb2b8a5c0a008637e9e3949ab9186d52b69e7ca
                                                                                        • Instruction ID: 9e686758a7706eb00d8bfbbe28c6e9af0fbc3bed442a08d07bd8fdbfde6eb45f
                                                                                        • Opcode Fuzzy Hash: 1166ea91ffd05d5d955659a87bb2b8a5c0a008637e9e3949ab9186d52b69e7ca
                                                                                        • Instruction Fuzzy Hash: A911B1B2B11702CFCB10CF59C811695B7F4FB4A325B10866EDC2987B61E736E442CB90
                                                                                        APIs
                                                                                        • PyArg_UnpackTuple.PYTHON27(?,runcall,00000001,00000003,?,?,?), ref: 6CCAA208
                                                                                          • Part of subcall function 6CDC5D90: PyString_FromString.PYTHON27(PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DB2
                                                                                          • Part of subcall function 6CDC5D90: PyErr_SetObject.PYTHON27(6CEE65C8,00000000,PyArg_UnpackTuple() argument list is not a tuple), ref: 6CDC5DBB
                                                                                          • Part of subcall function 6CCAA040: PyString_FromString.PYTHON27(profiler already active), ref: 6CCAA05C
                                                                                          • Part of subcall function 6CCAA040: PyErr_SetObject.PYTHON27(?,00000000,profiler already active), ref: 6CCAA065
                                                                                          • Part of subcall function 6CCA9F30: QueryPerformanceCounter.KERNEL32 ref: 6CCA9F44
                                                                                          • Part of subcall function 6CCA9F30: PyEval_SetTrace.PYTHON27(Function_00009E00), ref: 6CCA9F6B
                                                                                        • PyEval_CallObjectWithKeywords.PYTHON27(?,?,?), ref: 6CCAA235
                                                                                          • Part of subcall function 6CDB29C0: PyErr_SetString.PYTHON27(6CEE48B0,keyword list must be a dictionary), ref: 6CDB2A87
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_ObjectString$Eval_FromString_$Arg_CallCounterKeywordsPerformanceQueryTraceTupleUnpackWith
                                                                                        • String ID: runcall
                                                                                        • API String ID: 2803546149-1992080128
                                                                                        • Opcode ID: 18664aaa70b4fca2368bb2e3114f1b132464c824997e8b404a92333087e74dc6
                                                                                        • Instruction ID: 3e2a4f8c3cb8b36a392d283d22d1e8ae5b17db374468a2355f422837873cee5c
                                                                                        • Opcode Fuzzy Hash: 18664aaa70b4fca2368bb2e3114f1b132464c824997e8b404a92333087e74dc6
                                                                                        • Instruction Fuzzy Hash: E2015676B012097BDB00DBDDAC45DEEB3ACDBC4618F044196F908D7741FA719A1686A1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(deque mutated during iteration), ref: 6CCA50B8
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5248,00000000,deque mutated during iteration), ref: 6CCA50C1
                                                                                        Strings
                                                                                        • deque mutated during iteration, xrefs: 6CCA50B3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: deque mutated during iteration
                                                                                        • API String ID: 1840871587-601426129
                                                                                        • Opcode ID: 3d67285e155d6ea08418b3cfac8f564539a4cefc45de9e70279d85eed172b495
                                                                                        • Instruction ID: 61ef767db6e6f8c6a1f6827073e4df6a61ab8d48281da9ab41bfd34b73c308ef
                                                                                        • Opcode Fuzzy Hash: 3d67285e155d6ea08418b3cfac8f564539a4cefc45de9e70279d85eed172b495
                                                                                        • Instruction Fuzzy Hash: A5116A36600A058BC214CF89D844AA6B7B4EF85328B34869DD85D4B751E732EC47DBD0
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000018), ref: 6CD56F0E
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD56F50
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD56F4B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func$ErrorFatalMallocObject_abortfflushfprintf
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 872466363-3349536495
                                                                                        • Opcode ID: f08d4a6ef5509be44193fa6514081a6d29c773dc58667056d6cb016fc2aecce4
                                                                                        • Instruction ID: 1074a5b67b8d0f3a26582a4d0a756a8ec4dd2c41968401225307fb237088122f
                                                                                        • Opcode Fuzzy Hash: f08d4a6ef5509be44193fa6514081a6d29c773dc58667056d6cb016fc2aecce4
                                                                                        • Instruction Fuzzy Hash: F311B2B1A007018FCB24CF69D84585AB7F4FB853247108BADE87987BA1E731E856CBD0
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(heap argument must be a list), ref: 6CCA8712
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,heap argument must be a list), ref: 6CCA871B
                                                                                        Strings
                                                                                        • heap argument must be a list, xrefs: 6CCA870D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: heap argument must be a list
                                                                                        • API String ID: 1840871587-325666163
                                                                                        • Opcode ID: eed0b2d503b00047638eebabcd5fb3387969665f7af89baa6bc6a77f87ee434f
                                                                                        • Instruction ID: cede6787f6492a7b41e15f9a75f5aa989f0fb589b5a6c9f0553e3711fd4bcefc
                                                                                        • Opcode Fuzzy Hash: eed0b2d503b00047638eebabcd5fb3387969665f7af89baa6bc6a77f87ee434f
                                                                                        • Instruction Fuzzy Hash: 9701D876E01A115B8610967D98089AAB7B8DB86378B150357FC28D3FE0F731EC5782D1
                                                                                        APIs
                                                                                        • PyObject_CallFunction.PYTHON27(6CF11A50,((Olldd)),?,?,?), ref: 6CCB085F
                                                                                          • Part of subcall function 6CD2F1F0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F217
                                                                                        • PyList_Append.PYTHON27(?,00000000), ref: 6CCB087B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: AppendCallErr_FunctionList_Object_String
                                                                                        • String ID: ((Olldd))
                                                                                        • API String ID: 1113355727-2573867300
                                                                                        • Opcode ID: 1b5070846743d955c39b27d022725328bd32705144b86eb6201f48d2dafbdf69
                                                                                        • Instruction ID: 9f17205bd45ac7cebcf60ccd323abfeae97d0940af42b6fe96816bca16387d2d
                                                                                        • Opcode Fuzzy Hash: 1b5070846743d955c39b27d022725328bd32705144b86eb6201f48d2dafbdf69
                                                                                        • Instruction Fuzzy Hash: 150126B2A049105FC300AF19ED41856B7A8EF843307114794EC68877A0EB31EC26C7E1
                                                                                        APIs
                                                                                          • Part of subcall function 6CCB87C0: _PyArg_ParseTuple_SizeT.PYTHON27(?,O|nn:scanner,?,?,?), ref: 6CCB87E8
                                                                                        • PyObject_GetAttrString.PYTHON27(00000000,search), ref: 6CCB68C4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Arg_AttrObject_ParseSizeStringTuple_
                                                                                        • String ID: search
                                                                                        • API String ID: 994136497-3035683751
                                                                                        • Opcode ID: a5eb69601596d37a3f41d897368749ad6138f86dc7b55810689bde1384319761
                                                                                        • Instruction ID: 530cb9492db29db7b729221593937b934fc58a7cf5bcb48b989cb8553e902ced
                                                                                        • Opcode Fuzzy Hash: a5eb69601596d37a3f41d897368749ad6138f86dc7b55810689bde1384319761
                                                                                        • Instruction Fuzzy Hash: B60126B6A005052787009AA9EC00C9B33BA9BC02387194339FC2CD7B40F736ED5787E1
                                                                                        APIs
                                                                                        • memcpy.MSVCR90(?,?), ref: 6CCA9898
                                                                                          • Part of subcall function 6CCA9700: fwrite.MSVCR90 ref: 6CCA971E
                                                                                          • Part of subcall function 6CCA9700: fflush.MSVCR90 ref: 6CCA9742
                                                                                        • PyErr_SetString.PYTHON27(6CEE5D10,string too large for internal buffer), ref: 6CCA985A
                                                                                        Strings
                                                                                        • string too large for internal buffer, xrefs: 6CCA9854
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Stringfflushfwritememcpy
                                                                                        • String ID: string too large for internal buffer
                                                                                        • API String ID: 1502676727-55190435
                                                                                        • Opcode ID: eb394b55ac434e1d4ef39726271c6df768af1be0c43d982b66a4cfd179ad4c58
                                                                                        • Instruction ID: a99a00d7a2f676c99479d84793f0114260cb068cd0d1f90ce1c6384320cebbd9
                                                                                        • Opcode Fuzzy Hash: eb394b55ac434e1d4ef39726271c6df768af1be0c43d982b66a4cfd179ad4c58
                                                                                        • Instruction Fuzzy Hash: 8001C0B5602B065BD728CFA49885997B3A8EF44318B104B29D45A87E51F721F50987A0
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Python\getargs.c,000005C1,?,?,?), ref: 6CDC5543
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CDC553D
                                                                                        • ..\Python\getargs.c, xrefs: 6CDC5538
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Python\getargs.c
                                                                                        • API String ID: 376477240-2001156345
                                                                                        • Opcode ID: afd7e564a4c2c3fd778f201dcc265704407f120d12d66ba0c34d12fe598348f5
                                                                                        • Instruction ID: 4b7b91edb5c8c4e26e16d2ad6c23847419cbfa7aa3ccc192621fbcfc5bda1a78
                                                                                        • Opcode Fuzzy Hash: afd7e564a4c2c3fd778f201dcc265704407f120d12d66ba0c34d12fe598348f5
                                                                                        • Instruction Fuzzy Hash: 5301D6767122049BEB01DF94EC41FAB736DDB80618F108649AD245B690F630E55697D2
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Python\getargs.c,000005D9,?,?), ref: 6CDC55D3
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CDC55CD
                                                                                        • ..\Python\getargs.c, xrefs: 6CDC55C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Python\getargs.c
                                                                                        • API String ID: 376477240-2001156345
                                                                                        • Opcode ID: 1d661e70379025662ed5e47859634f6debadf64afbb46e7c180187cf757b41ab
                                                                                        • Instruction ID: 34aa197c0dda1aa2b1a856ccc667d16242a6602caa85bd97e88b37542f94a08d
                                                                                        • Opcode Fuzzy Hash: 1d661e70379025662ed5e47859634f6debadf64afbb46e7c180187cf757b41ab
                                                                                        • Instruction Fuzzy Hash: 810196767122049BDB10DF94D841FAB736D9B80614F50864ABC245B690F730E55596D2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(byte format requires -128 <= number <= 127), ref: 6CCB91C9
                                                                                        • PyErr_SetObject.PYTHON27(00000000,00000000,byte format requires -128 <= number <= 127), ref: 6CCB91D2
                                                                                        Strings
                                                                                        • byte format requires -128 <= number <= 127, xrefs: 6CCB91C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: byte format requires -128 <= number <= 127
                                                                                        • API String ID: 1840871587-1890209971
                                                                                        • Opcode ID: 691ada1d31b93fd5233019016e791c2c846b17f4317c87a90782fe92be3d9ca6
                                                                                        • Instruction ID: cf7652bc4cf4b32b2ef17518b5c7b71a65e89a4812abb1a99e788051973861f7
                                                                                        • Opcode Fuzzy Hash: 691ada1d31b93fd5233019016e791c2c846b17f4317c87a90782fe92be3d9ca6
                                                                                        • Instruction Fuzzy Hash: D2012632A005055BC210DBA8EC049EA33A8DF91238F144375EC6DD7BA1F730EA09C3D2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(buffer object expected), ref: 6CD30522
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,buffer object expected), ref: 6CD3052B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: buffer object expected
                                                                                        • API String ID: 1840871587-3871874642
                                                                                        • Opcode ID: 68329c5e0966788e1e1a7a67dc3bb81ffbd2f973949f8af87e258aa79b0a2a90
                                                                                        • Instruction ID: 761465aa68271d4b840d0682ae98ca8cc40b5a8cb621123c27bc703cdb57ab28
                                                                                        • Opcode Fuzzy Hash: 68329c5e0966788e1e1a7a67dc3bb81ffbd2f973949f8af87e258aa79b0a2a90
                                                                                        • Instruction Fuzzy Hash: 8801D4726011188BDB10CB58E840AEA73A4AB46278F144365EC2C4BBA0E731FC41C7E2
                                                                                        APIs
                                                                                        • PyNumber_AsSsize_t.PYTHON27(?,00000000), ref: 6CDB372A
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,slice indices must be integers or None or have an __index__ method,?,6CD6C3E4,?,?), ref: 6CDB375A
                                                                                        Strings
                                                                                        • slice indices must be integers or None or have an __index__ method, xrefs: 6CDB3754
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Number_Ssize_tString
                                                                                        • String ID: slice indices must be integers or None or have an __index__ method
                                                                                        • API String ID: 1917868172-4115508390
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000010), ref: 6CD58F6E
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD58FA7
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD58FA2
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func$ErrorFatalMallocObject_abortfflushfprintf
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 872466363-3349536495
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(0000000C), ref: 6CD3964E
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD39683
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD3967E
                                                                                        Similarity
                                                                                        • API ID: ErrorFatalMallocObject_
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 2067638752-3349536495
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F770
                                                                                        • PyObject_Call.PYTHON27(00000000,00000000,00000000,?,00000000,?,6CD2B1D5), ref: 6CD2F796
                                                                                          • Part of subcall function 6CD2F070: _Py_CheckRecursiveCall.PYTHON27( while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F0A5
                                                                                          • Part of subcall function 6CD2F070: PyErr_SetString.PYTHON27(6CEE65C8,NULL result without error in PyObject_Call,?,00000000,00000000), ref: 6CD2F0E4
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2F76A
                                                                                        Similarity
                                                                                        • API ID: CallErr_String$CheckObject_Recursive
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 2045816541-2212441169
                                                                                        APIs
                                                                                        • PyObject_Malloc.PYTHON27(00000016), ref: 6CCA58CA
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MallocObject_
                                                                                        • String ID: hl
                                                                                        • API String ID: 3634026734-3313420889
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(Invalid call to PyCObject_SetVoidPtr), ref: 6CD3EE8A
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,Invalid call to PyCObject_SetVoidPtr), ref: 6CD3EE93
                                                                                        Strings
                                                                                        • Invalid call to PyCObject_SetVoidPtr, xrefs: 6CD3EE85
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: Invalid call to PyCObject_SetVoidPtr
                                                                                        • API String ID: 1840871587-391560720
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(invalid SRE code,00000000,00000000,?,6CCB7406), ref: 6CCB7A79
                                                                                        • PyErr_SetObject.PYTHON27(6CEE5248,00000000,invalid SRE code,00000000,00000000,?,6CCB7406), ref: 6CCB7A82
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: invalid SRE code
                                                                                        • API String ID: 1840871587-2648610507
                                                                                        APIs
                                                                                        • PyObject_Malloc.PYTHON27(00000016), ref: 6CCB8E5B
                                                                                        • PyString_InternInPlace.PYTHON27(00000001), ref: 6CCB8EA8
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: InternMallocObject_PlaceString_
                                                                                        • String ID: hl
                                                                                        • API String ID: 1224585087-3313420889
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(buffer object expected), ref: 6CD304B1
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,buffer object expected), ref: 6CD304BA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: buffer object expected
                                                                                        • API String ID: 1840871587-3871874642
                                                                                        • Opcode ID: 4bd95e4dddcef4dc9f241bafaed2bf21268217836e6c987709ec737bf432df37
                                                                                        • Instruction ID: 9cb1b4214c24bc1da43ee1a642faeaa5ab51ebfc63779f2c752fc806d94b59cd
                                                                                        • Opcode Fuzzy Hash: 4bd95e4dddcef4dc9f241bafaed2bf21268217836e6c987709ec737bf432df37
                                                                                        • Instruction Fuzzy Hash: ECF0D1365015549BD710CB54D840FAB33A4AF462B8F254358ED684BBA1E771F941C7E1
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__getitem__), ref: 6CD2EE1A
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD2EE3E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttrClearErr_Object_String
                                                                                        • String ID: __getitem__
                                                                                        • API String ID: 2543148516-3646536032
                                                                                        • Opcode ID: 8c66a3f5d12b5d4b03fca4adf094faf80889c9b1214e286a617d40b63e0f479e
                                                                                        • Instruction ID: 1431c44a55bd27a9a73793b07294ffbc53ee7a80421b7b44d9ea6db6a8453196
                                                                                        • Opcode Fuzzy Hash: 8c66a3f5d12b5d4b03fca4adf094faf80889c9b1214e286a617d40b63e0f479e
                                                                                        • Instruction Fuzzy Hash: 20F06271602200DBEB45CB71D941B7673A89F4031EF294668D91D8BEB2D739E842C6E1
                                                                                        APIs
                                                                                        • _PyObject_GC_Malloc.PYTHON27(00000010), ref: 6CD43EBE
                                                                                        • Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD43EF7
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE1440
                                                                                          • Part of subcall function 6CDE1420: fprintf.MSVCR90 ref: 6CDE1446
                                                                                          • Part of subcall function 6CDE1420: __iob_func.MSVCR90 ref: 6CDE144C
                                                                                          • Part of subcall function 6CDE1420: fflush.MSVCR90 ref: 6CDE1452
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(Fatal Python error: ), ref: 6CDE1499
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32 ref: 6CDE149C
                                                                                          • Part of subcall function 6CDE1420: OutputDebugStringW.KERNEL32(6CEB3AD4), ref: 6CDE14A3
                                                                                          • Part of subcall function 6CDE1420: abort.MSVCR90 ref: 6CDE14A5
                                                                                        Strings
                                                                                        • GC object already tracked, xrefs: 6CD43EF2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebugOutputString$__iob_func$ErrorFatalMallocObject_abortfflushfprintf
                                                                                        • String ID: GC object already tracked
                                                                                        • API String ID: 872466363-3349536495
                                                                                        • Opcode ID: 4dcac5122bd35d050649ac3abfcc0668fdca80af5e7d7b6e7863a461c47923e8
                                                                                        • Instruction ID: 3d9b5fd4b99dcb1db9902d810ac08ce31ed1d7320d010c06249b3bbbe41ee897
                                                                                        • Opcode Fuzzy Hash: 4dcac5122bd35d050649ac3abfcc0668fdca80af5e7d7b6e7863a461c47923e8
                                                                                        • Instruction Fuzzy Hash: BF01DFB1A01B119FCB208F08C405546F7F4FB4A720B10866EE87987BA0D730E486CBD1
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(memory was exhausted while profiling), ref: 6CCB07E5
                                                                                        • PyErr_SetObject.PYTHON27(6CEE67A8,00000000,memory was exhausted while profiling), ref: 6CCB07EE
                                                                                        Strings
                                                                                        • memory was exhausted while profiling, xrefs: 6CCB07E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: memory was exhausted while profiling
                                                                                        • API String ID: 1840871587-1801820754
                                                                                        • Opcode ID: 6f2def10b811521f1541d785e91f826ae523ded82c3d3a0776cad48eb58bd07a
                                                                                        • Instruction ID: f1a8aa3d2cac9ef46cc0972ad4aa6d79271bbc8f006bdb678200f65c575247b3
                                                                                        • Opcode Fuzzy Hash: 6f2def10b811521f1541d785e91f826ae523ded82c3d3a0776cad48eb58bd07a
                                                                                        • Instruction Fuzzy Hash: 00F0E9B390251417D3109AADAD059E73798DF8A238B140369EC38D77E1FB62D90683E2
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(bad char in struct format), ref: 6CCBA04C
                                                                                        • PyErr_SetObject.PYTHON27(00000000,00000000,bad char in struct format), ref: 6CCBA055
                                                                                        Strings
                                                                                        • bad char in struct format, xrefs: 6CCBA047
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: bad char in struct format
                                                                                        • API String ID: 1840871587-2911813636
                                                                                        • Opcode ID: 8412a5f95aabfaeded04286d645e873f6044c58d1bffb8e08d2a8c8af383428d
                                                                                        • Instruction ID: 7275923b7867206d43bff39106e65bb2b7a8c0aef88f99644c686c46fedb39ae
                                                                                        • Opcode Fuzzy Hash: 8412a5f95aabfaeded04286d645e873f6044c58d1bffb8e08d2a8c8af383428d
                                                                                        • Instruction Fuzzy Hash: 3CF0593380105017821086997C119AB3BE88ED757CF390364DCE65BBA1F636DD0783E1
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(00000000,join), ref: 6CCAB543
                                                                                        • PyObject_CallFunctionObjArgs.PYTHON27(?,?,00000000), ref: 6CCAB571
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object_$ArgsAttrCallFunctionString
                                                                                        • String ID: join
                                                                                        • API String ID: 167733998-677501143
                                                                                        • Opcode ID: e0e1fcc7ab641631298f366f8faaafbc0b054db3dae563f5b110cb00bacff01e
                                                                                        • Instruction ID: 336654996ce29e2f1121698f6981e5ca016f95dc439674b7a8a00b9a98154cff
                                                                                        • Opcode Fuzzy Hash: e0e1fcc7ab641631298f366f8faaafbc0b054db3dae563f5b110cb00bacff01e
                                                                                        • Instruction Fuzzy Hash: E2F0B472A1021B57D700DBE9AC25BCA33B89F01769F048620E918C7BA0F721E9168BE1
                                                                                        APIs
                                                                                        • PyObject_GetAttrString.PYTHON27(?,__getitem__), ref: 6CD2DF1A
                                                                                        • PyErr_Clear.PYTHON27 ref: 6CD2DF3E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttrClearErr_Object_String
                                                                                        • String ID: __getitem__
                                                                                        • API String ID: 2543148516-3646536032
                                                                                        • Opcode ID: c3e9920b38d0519ddfd8ed90a2b69cc016e1f6b55c68ca555d6782d5f38de79c
                                                                                        • Instruction ID: e70d61bef296cf1728a35e7bb1996e292240c7cd702beafb0fae9d4a3b12c40a
                                                                                        • Opcode Fuzzy Hash: c3e9920b38d0519ddfd8ed90a2b69cc016e1f6b55c68ca555d6782d5f38de79c
                                                                                        • Instruction Fuzzy Hash: 0AF0BB71615284CFEBA48B619840F5673F85F4032CF154798E51CCBEB1D72DD841C654
                                                                                        APIs
                                                                                          • Part of subcall function 6CD2C430: PyType_IsSubtype.PYTHON27(00000000,?,?,?,?,?,?,6CD2CA14,?,?,00000040), ref: 6CD2C48B
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,unsupported operand type(s) for %.100s: '%.100s' and '%.100s',divmod(),?,?), ref: 6CD2CCEE
                                                                                        Strings
                                                                                        • unsupported operand type(s) for %.100s: '%.100s' and '%.100s', xrefs: 6CD2CCE8
                                                                                        • divmod(), xrefs: 6CD2CCE3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FormatSubtypeType_
                                                                                        • String ID: divmod()$unsupported operand type(s) for %.100s: '%.100s' and '%.100s'
                                                                                        • API String ID: 2789853835-4006302392
                                                                                        • Opcode ID: 42a274e4939bde6be9ec41ba7219e31d14005526117ed8b5a346a57d0974d76d
                                                                                        • Instruction ID: d8847623c98d52cb98128299cbe82e9712a6b4274d6a8f3e1303ca428a9d1993
                                                                                        • Opcode Fuzzy Hash: 42a274e4939bde6be9ec41ba7219e31d14005526117ed8b5a346a57d0974d76d
                                                                                        • Instruction Fuzzy Hash: 4AF0F6BA6000006BD700EB54EC40C96B3B8EFC93787158614EE1987751C635FC12C7E5
                                                                                        APIs
                                                                                        • PyNumber_AsSsize_t.PYTHON27(?,6CEE63F8), ref: 6CD2CDA6
                                                                                          • Part of subcall function 6CD2D720: PyNumber_Index.PYTHON27(?,?,?,?,6CD2B2E8,6CD2EF3A,6CEE5B38), ref: 6CD2D729
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,can't multiply sequence by non-int of type '%.200s',?,?,6CD2CE69,?,?), ref: 6CD2CDDC
                                                                                        Strings
                                                                                        • can't multiply sequence by non-int of type '%.200s', xrefs: 6CD2CDD6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Number_$Err_FormatIndexSsize_t
                                                                                        • String ID: can't multiply sequence by non-int of type '%.200s'
                                                                                        • API String ID: 939530772-2793022148
                                                                                        APIs
                                                                                        • Py_BuildValue.PYTHON27((O)), ref: 6CCA60A4
                                                                                        • PyObject_Call.PYTHON27(6CF0E5E8,00000000,?), ref: 6CCA60C0
                                                                                          • Part of subcall function 6CD2F070: _Py_CheckRecursiveCall.PYTHON27( while calling a Python object,00000001,?,?,6CDB2AB3,00000000,?,6CD00E50), ref: 6CD2F0A5
                                                                                          • Part of subcall function 6CD2F070: PyErr_SetString.PYTHON27(6CEE65C8,NULL result without error in PyObject_Call,?,00000000,00000000), ref: 6CD2F0E4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Call$BuildCheckErr_Object_RecursiveStringValue
                                                                                        • String ID: (O)
                                                                                        • API String ID: 705347834-4232840684
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\cellobject.c,00000024), ref: 6CD39734
                                                                                        Strings
                                                                                        • ..\Objects\cellobject.c, xrefs: 6CD39729
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD3972E
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\cellobject.c
                                                                                        • API String ID: 376477240-3279096532
                                                                                        APIs
                                                                                        • PyFloat_AsDouble.PYTHON27(?), ref: 6CCB95CD
                                                                                          • Part of subcall function 6CD50B70: PyType_IsSubtype.PYTHON27(04C48318,?,?,00000000,?,6CD40CAA,?,?,?,?), ref: 6CD50B90
                                                                                        • PyErr_SetString.PYTHON27(00000000,required argument is not a float), ref: 6CCB9600
                                                                                        Strings
                                                                                        • required argument is not a float, xrefs: 6CCB95FA
                                                                                        Similarity
                                                                                        • API ID: DoubleErr_Float_StringSubtypeType_
                                                                                        • String ID: required argument is not a float
                                                                                        • API String ID: 4162100309-2628405891
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2B0F0
                                                                                        • PyMapping_Size.PYTHON27(?), ref: 6CD2B116
                                                                                          • Part of subcall function 6CD2EE70: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine,?,6CD2B11B,?), ref: 6CD2EE90
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2B0EA
                                                                                        Similarity
                                                                                        • API ID: Err_String$Mapping_Size
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 3862615131-2212441169
                                                                                        APIs
                                                                                        • PyFloat_AsDouble.PYTHON27(?), ref: 6CCB9568
                                                                                          • Part of subcall function 6CD50B70: PyType_IsSubtype.PYTHON27(04C48318,?,?,00000000,?,6CD40CAA,?,?,?,?), ref: 6CD50B90
                                                                                        • PyErr_SetString.PYTHON27(00000000,required argument is not a float), ref: 6CCB959B
                                                                                        Strings
                                                                                        • required argument is not a float, xrefs: 6CCB9595
                                                                                        Similarity
                                                                                        • API ID: DoubleErr_Float_StringSubtypeType_
                                                                                        • String ID: required argument is not a float
                                                                                        • API String ID: 4162100309-2628405891
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000002CB), ref: 6CD5A42B
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD5A425
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD5A420
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c
                                                                                        • API String ID: 376477240-2051030382
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,000001AA,?,6CCA7AC3,?,00000001,7FFFFFFF), ref: 6CD787A4
                                                                                        Strings
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD78799
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD7879E
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c
                                                                                        • API String ID: 376477240-1285866127
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(__builtins__), ref: 6CD550D9
                                                                                        • PyString_InternInPlace.PYTHON27(?), ref: 6CD550FE
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: String_$FromInternPlaceString
                                                                                        • String ID: __builtins__
                                                                                        • API String ID: 2843024944-2109793290
                                                                                        APIs
                                                                                        • PyDict_Size.PYTHON27 ref: 6CCB6098
                                                                                        • PyErr_Format.PYTHON27(6CEE48B0,%s() takes at most %d positional arguments (%zd given),?,?,?), ref: 6CCB60C8
                                                                                        Strings
                                                                                        • %s() takes at most %d positional arguments (%zd given), xrefs: 6CCB60C2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_Err_FormatSize
                                                                                        • String ID: %s() takes at most %d positional arguments (%zd given)
                                                                                        • API String ID: 20579995-2187905400
                                                                                        APIs
                                                                                        • PyDict_GetItem.PYTHON27(00000000,?), ref: 6CCA752F
                                                                                        • PyErr_Format.PYTHON27(00000000,unknown dialect), ref: 6CCA7553
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_Err_FormatItem
                                                                                        • String ID: unknown dialect
                                                                                        • API String ID: 3923838959-3850176341
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000001F0), ref: 6CD59E9B
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD59E95
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD59E90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c
                                                                                        • API String ID: 376477240-2051030382
                                                                                        APIs
                                                                                        • PyString_FromString.PYTHON27(cannot copy this pattern object), ref: 6CCB71D3
                                                                                        • PyErr_SetObject.PYTHON27(6CEE48B0,00000000,cannot copy this pattern object), ref: 6CCB71DC
                                                                                        Strings
                                                                                        • cannot copy this pattern object, xrefs: 6CCB71CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_FromObjectStringString_
                                                                                        • String ID: cannot copy this pattern object
                                                                                        • API String ID: 1840871587-1000097356
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,00000122), ref: 6CD597FF
                                                                                          • Part of subcall function 6CD59770: PyErr_SetString.PYTHON27(6CEE63F8,cannot add more objects to list,00000000,00000000,?,6CD5A6DB,00000000), ref: 6CD5978D
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD597F9
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD597F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$FormatString
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c
                                                                                        • API String ID: 4212644371-2051030382
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006E7), ref: 6CD467FC
                                                                                          • Part of subcall function 6CD45BA0: PyList_New.PYTHON27(?,?,?,?,6CD467DF,?), ref: 6CD45BAC
                                                                                          • Part of subcall function 6CD45BA0: PyList_New.PYTHON27(?), ref: 6CD45BD2
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD467F6
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CD467F1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_$Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 817396481-1541589624
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,00000103), ref: 6CD5974B
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD59745
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD59740
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c
                                                                                        • API String ID: 376477240-2051030382
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006FB), ref: 6CD4689C
                                                                                          • Part of subcall function 6CD45CA0: PyList_New.PYTHON27(?), ref: 6CD45CB7
                                                                                          • Part of subcall function 6CD45CA0: Py_FatalError.PYTHON27(GC object already tracked), ref: 6CD45D5A
                                                                                          • Part of subcall function 6CD45CA0: PyList_New.PYTHON27(?), ref: 6CD45DC3
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD46896
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CD46891
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_$Err_ErrorFatalFormat
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 2187311682-1541589624
                                                                                        • Opcode ID: 7e8170ce0ca38f2460514be84cbb395767a7b8c608fe4692e76d379284110b5d
                                                                                        • Instruction ID: 7a31cf13dedb901346d5d4b85aa61c0a5f747b2f8ddfe83742da86e3898de878
                                                                                        • Opcode Fuzzy Hash: 7e8170ce0ca38f2460514be84cbb395767a7b8c608fe4692e76d379284110b5d
                                                                                        • Instruction Fuzzy Hash: 54E06860B002041BE610EFA09D42F6A77688700188F108B99BD1C8BAD1FA22D42196C1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006F1), ref: 6CD4684C
                                                                                          • Part of subcall function 6CD45C20: PyList_New.PYTHON27(?,?,?,?,6CD4682F,?), ref: 6CD45C2C
                                                                                          • Part of subcall function 6CD45C20: PyList_New.PYTHON27(?), ref: 6CD45C52
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD46846
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CD46841
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: List_$Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 817396481-1541589624
                                                                                        • Opcode ID: 7796d8e2bbe1f37f6f27472fa3277f73b7ec582a6bd84c44b3a641f8f8eef7cd
                                                                                        • Instruction ID: f933894d5f6090f3180d11e3c7834d3cb609633d1f25b24faf376ddd6856940a
                                                                                        • Opcode Fuzzy Hash: 7796d8e2bbe1f37f6f27472fa3277f73b7ec582a6bd84c44b3a641f8f8eef7cd
                                                                                        • Instruction Fuzzy Hash: 9AE06860B002045BD620EBA45D82E6A73688701588F1486A9BD1CCBBD1FA62D462D6C1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\cellobject.c,00000018), ref: 6CD396E4
                                                                                        Strings
                                                                                        • ..\Objects\cellobject.c, xrefs: 6CD396D9
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD396DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\cellobject.c
                                                                                        • API String ID: 376477240-3279096532
                                                                                        • Opcode ID: 98bf86bdfd59dae52eec8dc4e653ab0c8a04f4b02b1f8ee51bd4e02d3b4a4873
                                                                                        • Instruction ID: f5f6faa5e7f171424d83aa55fe9b573433ea53d6e4ae52ba6c88a75b0426466f
                                                                                        • Opcode Fuzzy Hash: 98bf86bdfd59dae52eec8dc4e653ab0c8a04f4b02b1f8ee51bd4e02d3b4a4873
                                                                                        • Instruction Fuzzy Hash: EAE09B767015089FC210DA58D842A507374D70A35DF24858DF91D4BAA2DF339852CBC1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,000006DD,?,6CD3AC0A,?), ref: 6CD467A6
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD467A0
                                                                                        • ..\Objects\dictobject.c, xrefs: 6CD4679B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\dictobject.c
                                                                                        • API String ID: 376477240-1541589624
                                                                                        • Opcode ID: 97bd5fcfddc3e58681b51c4963752893f37a7cebf38033ab7273c25670b11f63
                                                                                        • Instruction ID: 3a11e64bbbf13301bd9c4288aedebe105a5e23db3aeeb24504a5d34d936ebb1d
                                                                                        • Opcode Fuzzy Hash: 97bd5fcfddc3e58681b51c4963752893f37a7cebf38033ab7273c25670b11f63
                                                                                        • Instruction Fuzzy Hash: AAE0D8347102045BE210EFA48C81E6577E9CB45274F24878DBD3C8BAD1DA21E41196C1
                                                                                        APIs
                                                                                        • PyDict_GetItem.PYTHON27(00000000), ref: 6CCA5859
                                                                                        • PyErr_Format.PYTHON27(00000000,unknown dialect), ref: 6CCA587D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Dict_Err_FormatItem
                                                                                        • String ID: unknown dialect
                                                                                        • API String ID: 3923838959-3850176341
                                                                                        • Opcode ID: 9638971a4f355da7640423ddaf7d4b8ee07631e369338333e2afb620735bb6f3
                                                                                        • Instruction ID: a5d0abee34322e0ad96a8df4814fb6b773f6dede645dca6ffa9f2b37a7a71632
                                                                                        • Opcode Fuzzy Hash: 9638971a4f355da7640423ddaf7d4b8ee07631e369338333e2afb620735bb6f3
                                                                                        • Instruction Fuzzy Hash: B2E086B2F541119B865C5B90BC449D63775EB553A53098625E90457E00E734DC8687E0
                                                                                        APIs
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,codec must pass exception instance,?,6CD8B04C), ref: 6CD8A972
                                                                                        • PyErr_SetObject.PYTHON27(00000000,?,?,6CD8B04C), ref: 6CD8A988
                                                                                        Strings
                                                                                        • codec must pass exception instance, xrefs: 6CD8A96C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_$ObjectString
                                                                                        • String ID: codec must pass exception instance
                                                                                        • API String ID: 1622067708-3174393782
                                                                                        • Opcode ID: 906eaba54c549e2f5ac0f90dfb7a2222fd4d33d161895496cca7a225aadffe68
                                                                                        • Instruction ID: 66269bbb0f49c0e9324af796de84b28d49bbe4ffc129d07343cd7945703d6b08
                                                                                        • Opcode Fuzzy Hash: 906eaba54c549e2f5ac0f90dfb7a2222fd4d33d161895496cca7a225aadffe68
                                                                                        • Instruction Fuzzy Hash: 1AE026FA9160009FC208D744E842D867374474C248F79084CE90F8FE70E736E8548260
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\listobject.c,000000A9), ref: 6CD594FB
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD594F5
                                                                                        • ..\Objects\listobject.c, xrefs: 6CD594F0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\listobject.c
                                                                                        • API String ID: 376477240-2051030382
                                                                                        • Opcode ID: 0e3ffb9c0c83c75d8d654e2d7103a309fd0b9f60b6d2d6ee757430d0256b77a6
                                                                                        • Instruction ID: f54d84af44b9ab53949183b8424ad81cf89fae3718b0335e671d10c5e4120b74
                                                                                        • Opcode Fuzzy Hash: 0e3ffb9c0c83c75d8d654e2d7103a309fd0b9f60b6d2d6ee757430d0256b77a6
                                                                                        • Instruction Fuzzy Hash: BBE0DF387003086FD210DAA8CC46E2473A8CB02338F148788FC2C0B7D1DA21E82196C1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\tupleobject.c,00000072,?,6CD39B5A,?), ref: 6CD77EB8
                                                                                        Strings
                                                                                        • ..\Objects\tupleobject.c, xrefs: 6CD77EAD
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD77EB2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\tupleobject.c
                                                                                        • API String ID: 376477240-1285866127
                                                                                        • Opcode ID: 5cefbaa94804aafc91c785aadc9d69e283b29beecad8e693c6ee1b76f8e5ac2c
                                                                                        • Instruction ID: 5b9a444ab0a897de28f1253d0b0945d440cb36481acd0b010d1cbdfe22c562c5
                                                                                        • Opcode Fuzzy Hash: 5cefbaa94804aafc91c785aadc9d69e283b29beecad8e693c6ee1b76f8e5ac2c
                                                                                        • Instruction Fuzzy Hash: 6DE0DF38B042085FD220DAA8D842E1577A8CB42238F148B89BC2C4BBD1DA22E811A6C2
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\methodobject.c,00000040), ref: 6CD647E4
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD647DE
                                                                                        • ..\Objects\methodobject.c, xrefs: 6CD647D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_2_2_6cca0000_pyexec.jbxd
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\methodobject.c
                                                                                        • API String ID: 376477240-511127496
                                                                                        • Opcode ID: 1bbe41cd75fda7540294d8cc2fff0b4f4e92112c49bffe0f73800a315529c9bd
                                                                                        • Instruction ID: a1778447fa8a89ac28fdee0a29d2d437ed8193c227e4f640835af77aaf64c893
                                                                                        • Opcode Fuzzy Hash: 1bbe41cd75fda7540294d8cc2fff0b4f4e92112c49bffe0f73800a315529c9bd
                                                                                        • Instruction Fuzzy Hash: FBE020766001448BC210DFD8CC46D10B3A8D702274F144785BD3C4BFE1DA31E851C6C5
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\methodobject.c,0000002C), ref: 6CD64764
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6475E
                                                                                        • ..\Objects\methodobject.c, xrefs: 6CD64759
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\methodobject.c
                                                                                        • API String ID: 376477240-511127496
                                                                                        • Opcode ID: 1c4e7a604edb2dbb198355fae452924953b1a98bb2f02f7d06c2d1c66d8b82c5
                                                                                        • Instruction ID: 4a0012ca79015f0577b3a5999a0fdbb9188a908255caf50072de7845122e16bf
                                                                                        • Opcode Fuzzy Hash: 1c4e7a604edb2dbb198355fae452924953b1a98bb2f02f7d06c2d1c66d8b82c5
                                                                                        • Instruction Fuzzy Hash: 86E086767001049FC710EBD8DC47D55B7E8D706154F548689BD2C8BFA2EA22E9518AC1
                                                                                        APIs
                                                                                        • PyObject_Compare.PYTHON27(?,?), ref: 6CD2B043
                                                                                        • PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2B077
                                                                                        Strings
                                                                                        • null argument to internal routine, xrefs: 6CD2B071
                                                                                        Similarity
                                                                                        • API ID: CompareErr_Object_String
                                                                                        • String ID: null argument to internal routine
                                                                                        • API String ID: 874617099-2212441169
                                                                                        • Opcode ID: b536392b341e859fc5bb7c59b6a677ecb88ba0c80a4be10105552d6e3293c7eb
                                                                                        • Instruction ID: f6564c5a92f5f1d81ac5f5d64b50a82ea73f58a28c3d98392f419fd54be8fc80
                                                                                        • Opcode Fuzzy Hash: b536392b341e859fc5bb7c59b6a677ecb88ba0c80a4be10105552d6e3293c7eb
                                                                                        • Instruction Fuzzy Hash: F8E04F74710208ABDB098B66C980F6673A99B05628F100718A92987AE1D775E94086A8
                                                                                        APIs
                                                                                        • _PyArg_ParseTuple_SizeT.PYTHON27(?,U:charmap_build,?), ref: 6CCA31C1
                                                                                        • PyUnicode_BuildEncodingMap.PYTHON27(?), ref: 6CCA31D5
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Arg_BuildEncodingParseSizeTuple_Unicode_
                                                                                        • String ID: U:charmap_build
                                                                                        • API String ID: 2048781984-921886291
                                                                                        • Opcode ID: 9aae367d01b842b6d2d6f44c1e749c60775cd326d622b65bc96612c30e376b7b
                                                                                        • Instruction ID: e85fe801999475c66809341c5eda67ea9b7b931fe5fbdc6dfc7eb1bf4534e19e
                                                                                        • Opcode Fuzzy Hash: 9aae367d01b842b6d2d6f44c1e749c60775cd326d622b65bc96612c30e376b7b
                                                                                        • Instruction Fuzzy Hash: 46D05BE5A0410D7B9A04C7E1BD51CBA736CCB4561DF0443A5FD0C43B11F532EA1893E2
                                                                                        APIs
                                                                                        • PyDict_DelItem.PYTHON27(00000000,?), ref: 6CCA74EE
                                                                                          • Part of subcall function 6CD45100: PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\dictobject.c,0000036B), ref: 6CD4512D
                                                                                        • PyErr_Format.PYTHON27(00000000,unknown dialect), ref: 6CCA7506
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: Err_Format$Dict_Item
                                                                                        • String ID: unknown dialect
                                                                                        • API String ID: 2379282386-3850176341
                                                                                        • Opcode ID: 2a205fdfe021e098aa1d04aa28ecb88c90d785005a7ee647c7bc421e5cb3eda3
                                                                                        • Instruction ID: bc36e925980b92ca746c7fa9a93a7510242e40764c7e04219bab0ec59d581717
                                                                                        • Opcode Fuzzy Hash: 2a205fdfe021e098aa1d04aa28ecb88c90d785005a7ee647c7bc421e5cb3eda3
                                                                                        • Instruction Fuzzy Hash: 0ED0C2F6B5030467CA049754AC4287673BC9758609B04851AED0C87F11F631F81586A0
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\classobject.c,000000A2), ref: 6CD39E07
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD39E01
                                                                                        • ..\Objects\classobject.c, xrefs: 6CD39DFC
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\classobject.c
                                                                                        • API String ID: 376477240-1919307765
                                                                                        • Opcode ID: 3c44126da810263d3296ea62ec8c5521b2b96c486e77ee916ee23e46ad23c79f
                                                                                        • Instruction ID: 3e44f155f379c856929e52123bc4452287ef374fceb8b768afb8fd7599e71299
                                                                                        • Opcode Fuzzy Hash: 3c44126da810263d3296ea62ec8c5521b2b96c486e77ee916ee23e46ad23c79f
                                                                                        • Instruction Fuzzy Hash: 2BE0C2757013085FC620EF98DC03E6473B8D70A254F504BD6FC2C9BBA1EE21E92086D2
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\classobject.c,00000098), ref: 6CD39DC7
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD39DC1
                                                                                        • ..\Objects\classobject.c, xrefs: 6CD39DBC
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\classobject.c
                                                                                        • API String ID: 376477240-1919307765
                                                                                        • Opcode ID: 68e073f6a51b872bdf6f27e030c59218778c674db2662f217505ad63c5db12cf
                                                                                        • Instruction ID: 49a1e01046be0b806c573f54667e1df3af440b96aa87e58395905c9d78188928
                                                                                        • Opcode Fuzzy Hash: 68e073f6a51b872bdf6f27e030c59218778c674db2662f217505ad63c5db12cf
                                                                                        • Instruction Fuzzy Hash: F8E0C2357412085BC650EFA89C07E64B3F8C70A165F148786BC2C8BBA1EE31E92087C1
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\classobject.c,0000008E), ref: 6CD39D87
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD39D81
                                                                                        • ..\Objects\classobject.c, xrefs: 6CD39D7C
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\classobject.c
                                                                                        • API String ID: 376477240-1919307765
                                                                                        • Opcode ID: 24dc3d17afc7fd5b88c05017951e93214a0fe4a58b9472b3578f7fff8d1c09fe
                                                                                        • Instruction ID: 57ad01932e257f866908c9a1b08ad1668ba74cbaa2f258e289f4885d767a98c0
                                                                                        • Opcode Fuzzy Hash: 24dc3d17afc7fd5b88c05017951e93214a0fe4a58b9472b3578f7fff8d1c09fe
                                                                                        • Instruction Fuzzy Hash: 0FE0C2357002085BC610EFA8DC07F6473F8D70A154F148B96BC2C8BBA1EE21E96087C2
                                                                                        APIs
                                                                                        • _PyObject_CallFunction_SizeT.PYTHON27(6CEE5F20,su#nns,?,?,?,?,?,?), ref: 6CD4AEA6
                                                                                          • Part of subcall function 6CD2F2F0: PyErr_SetString.PYTHON27(6CEE65C8,null argument to internal routine), ref: 6CD2F317
                                                                                        Strings
                                                                                        • _lsys.float_infoA structseq holding information about the float type. It contains low levelinformation about the precision and internal representation. Please studyyour system's :file:`float.h` for more information., xrefs: 6CD4AE99
                                                                                        • su#nns, xrefs: 6CD4AEA0
                                                                                        Similarity
                                                                                        • API ID: CallErr_Function_Object_SizeString
                                                                                        • String ID: _lsys.float_infoA structseq holding information about the float type. It contains low levelinformation about the precision and internal representation. Please studyyour system's :file:`float.h` for more information.$su#nns
                                                                                        • API String ID: 2991985268-2788084165
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\methodobject.c,00000036), ref: 6CD647A4
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD6479E
                                                                                        • ..\Objects\methodobject.c, xrefs: 6CD64799
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        • Associated: 00000002.00000002.2252110206.000000006CCA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252479238.000000006CDEA000.00000002.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252553697.000000006CEBF000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CEC0000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252569851.000000006CED4000.00000008.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252619382.000000006CF11000.00000004.00000001.01000000.00000006.sdmp
                                                                                        • Associated: 00000002.00000002.2252634918.000000006CF24000.00000002.00000001.01000000.00000006.sdmp
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\methodobject.c
                                                                                        • API String ID: 376477240-511127496
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\funcobject.c,00000061), ref: 6CD55A14
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD55A0E
                                                                                        • ..\Objects\funcobject.c, xrefs: 6CD55A09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\funcobject.c
                                                                                        • API String ID: 376477240-778741475
                                                                                        APIs
                                                                                        • PyErr_Format.PYTHON27(6CEE65C8,%s:%d: bad argument to internal function,..\Objects\funcobject.c,00000057), ref: 6CD559D4
                                                                                        Strings
                                                                                        • %s:%d: bad argument to internal function, xrefs: 6CD559CE
                                                                                        • ..\Objects\funcobject.c, xrefs: 6CD559C9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_Format
                                                                                        • String ID: %s:%d: bad argument to internal function$..\Objects\funcobject.c
                                                                                        • API String ID: 376477240-778741475
                                                                                        APIs
                                                                                        • PyInt_FromLong.PYTHON27(?), ref: 6CD570AE
                                                                                        • _PyLong_FromByteArray.PYTHON27(?,00000004,00000001,00000000), ref: 6CD570C5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: From$ArrayByteInt_LongLong_
                                                                                        • String ID: &k
                                                                                        • API String ID: 14725604-4254052200
                                                                                        APIs
                                                                                          • Part of subcall function 6CCA9290: PyString_FromString.PYTHON27(cannot iterate over closed LogReader object), ref: 6CCA92CE
                                                                                          • Part of subcall function 6CCA9290: PyErr_SetObject.PYTHON27(?,00000000,cannot iterate over closed LogReader object), ref: 6CCA92D7
                                                                                        • PyErr_SetString.PYTHON27(6CEE5B38,no more events in log), ref: 6CCA96EA
                                                                                        Strings
                                                                                        • 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt, xrefs: 6CCA96DE
                                                                                        • no more events in log, xrefs: 6CCA96E4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Err_String$FromObjectString_
                                                                                        • String ID: 8[lfunction(code, globals[, name[, argdefs[, closure]]])Create a function object from a code object and a dictionary.The optional name string overrides the name from the code object.The optional argdefs tuple specifies the default argument values.The opt$no more events in log
                                                                                        • API String ID: 354487993-1601283432
                                                                                        APIs
                                                                                        • PyNumber_CoerceEx.PYTHON27(?,6CD2C8C1,?,6CD2C8C1,?,?), ref: 6CD6714B
                                                                                        • PyErr_SetString.PYTHON27(6CEE48B0,number coercion failed,?,?), ref: 6CD67163
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000002.00000002.2252125739.000000006CCA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CCA0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: CoerceErr_Number_String
                                                                                        • String ID: number coercion failed
                                                                                        • API String ID: 559835178-3059949011