Windows Analysis Report
FS-JFDIBGWE.msi

Overview

General Information

Sample name:FS-JFDIBGWE.msi
Analysis ID:1563656
MD5:b6061310d0598eb19680e7ce5474ba9a
SHA1:635b0ea7d756b8a4fa2d6bbdab739c0ded8f110f
SHA256:0b3486a5d2cec89ec0452ef4b971d4e1c9dfe3caefae753f05b44ec210bb9d87
Tags:msi, user-Porcupine
Infos:

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Query firmware table information (likely to detect VMs)
Switches to a custom stack to bypass stack traces
Tries to evade analysis by execution special instruction (VM detection)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7332 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-JFDIBGWE.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7364 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7440 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1B3A46C9CC141CE48342EF23A709DE5E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • chrome.exe (PID: 7592 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
  • chrome.exe (PID: 7912 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
  • chrome.exe (PID: 7972 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\Contacts\chrome.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Contacts\chrome.exe, ProcessId: 7592, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Financeiro
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-27T09:57:17.739735+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 162.214.64.212 | 80 | TCP

AV Detection

Source: C:\Users\user\Contacts\chrome_elf.dll | ReversingLabs: Detection: 36%
Source: FS-JFDIBGWE.msi | ReversingLabs: Detection: 15%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.6% probability
Source: C:\Users\user\Contacts\chrome_elf.dll | Joe Sandbox ML: detected
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FS-JFDIBGWE.msi, MSI5653.tmp.1.dr, MSI5576.tmp.1.dr, 5851ae.msi.1.dr
Source: global traffic | HTTP traffic detected: GET /dsdrk/inspecionando.php HTTP/1.1, Host: e-notas.com, Cache-Control: no-cache
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 162.214.64.212:80
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: e-notas.com
Source: chrome.exe, 00000003.00000002.2934138270.0000000004F88000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://e-notas.com/dsdrk/inspecionando.php
Source: chrome.exe, 00000003.00000002.2936954997.000000006A891000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.2936522083.000000006A891000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000008.00000002.2936570568.000000006A891000.00000020.00000001.01000000.00000004.sdmp | String found in binary or memory: http://www.indyproject.org/
Source: chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://crashpad.chromium.org/
Source: chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: chrome.exe, 00000007.00000002.2934737279.000000000678B000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2934889139.0000000006B9B000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://facturacorrecta.com.es/raw
Source: chrome.exe, 00000003.00000002.2935130081.0000000006DAB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://facturacorrecta.com.es/rawndo.php
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\5851ae.msi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5576.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5604.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5653.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5683.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI56F1.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\SourceHash{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5BB5.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\5851b1.msi
Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSI5576.tmp
Source: Joe Sandbox View | Dropped File: C:\Users\user\Contacts\chrome.exe 07D849EAF8BBBCE5ABD7EC2348DFF0394F49E803C34120629AE258E62A1A32BD
Source: Joe Sandbox View | Dropped File: C:\Windows\Installer\MSI5576.tmp D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
Source: C:\Users\user\Contacts\chrome.exe | Code function: String function: 00514060 appears 208 times
Source: C:\Users\user\Contacts\chrome.exe | Code function: String function: 00479F70 appears 36 times
Source: C:\Users\user\Contacts\chrome.exe | Code function: String function: 004CE040 appears 43 times
Source: chrome_elf.dll.1.dr | Static PE information: Number of sections : 13 > 10
Source: FS-JFDIBGWE.msi | Binary or memory string: OriginalFilenameAICustAct.dllF vs FS-JFDIBGWE.msi
Source: classification engine | Classification label: mal84.evad.winMSI@8/157@2/1
Source: C:\Users\user\Contacts\chrome.exe | Code function: 3_2_005315D0 FormatMessageW,GetLastError,LocalFree
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\CML5C2D.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\TEMP\~DFF2D8A596F911DC2A.TMP
Source: C:\Users\user\Contacts\chrome.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Contacts\chrome.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: chrome.exe | String found in binary or memory: Try '%ls --help' for more information.
Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-JFDIBGWE.msi"
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1B3A46C9CC141CE48342EF23A709DE5E
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: unknown | Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: unknown | Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1B3A46C9CC141CE48342EF23A709DE5EJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"Jump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: version.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: wininet.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: wsock32.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: security.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: secur32.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: sspicli.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: idndl.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: iertutil.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: wldp.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: profapi.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: winhttp.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: mswsock.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: winnsi.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: urlmon.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: srvcli.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: netutils.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: magnification.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: d3d9.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: wintypes.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: dxcore.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: dcomp.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: winmm.dll
Source: C:\Users\user\Contacts\chrome.exe Section loaded: winsta.dll
Source: C:\Users\user\Contacts\chrome.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: FS-JFDIBGWE.msi Static file information: File size 26120192 > 1048576
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FS-JFDIBGWE.msi, MSI5653.tmp.1.dr, MSI5576.tmp.1.dr, 5851ae.msi.1.dr
Source: C:\Users\user\Contacts\chrome.exe Code function: 3_2_003F9990 LoadLibraryW,GetProcAddress,3_2_003F9990
Source: initial sample Static PE information: section where entry point is pointing to: .E7b
Source: chrome.exe.1.dr Static PE information: section name: CPADinfo
Source: chrome.exe.1.dr Static PE information: section name: malloc_h
Source: chrome_elf.dll.1.dr Static PE information: section name: .didata
Source: chrome_elf.dll.1.dr Static PE information: section name: .YLi
Source: chrome_elf.dll.1.dr Static PE information: section name: .7Hz
Source: chrome_elf.dll.1.dr Static PE information: section name: .E7b
Source: MSI5576.tmp.1.dr Static PE information: section name: .fptable
Source: MSI5604.tmp.1.dr Static PE information: section name: .fptable
Source: MSI5653.tmp.1.dr Static PE information: section name: .fptable
Source: MSI5683.tmp.1.dr Static PE information: section name: .fptable
Source: MSI56F1.tmp.1.dr Static PE information: section name: .fptable
Source: C:\Users\user\Contacts\chrome.exe Code function: 3_2_004E9F3B push ecx; ret 3_2_004E9F4E
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI56F1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5683.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\Contacts\chrome.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5576.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5604.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5653.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\Contacts\chrome_elf.dll
Source: C:\Users\user\Contacts\chrome.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Financeiro

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5300005 value: E9 8B 2F C0 71
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 76F02F90 value: E9 7A D0 3F 8E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5320007 value: E9 EB DF C1 71
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 76F3DFF0 value: E9 1E 20 3E 8E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5330005 value: E9 2B BA B9 71
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 76ECBA30 value: E9 DA 45 46 8E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5360008 value: E9 8B 8E BB 71
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 76F18E90 value: E9 80 71 44 8E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5370005 value: E9 8B 4D 88 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 75BF4D90 value: E9 7A B2 77 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5380005 value: E9 EB EB 88 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 75C0EBF0 value: E9 1A 14 77 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 5390005 value: E9 8B 8A C4 6F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 74FD8A90 value: E9 7A 75 3B 90
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 53A0005 value: E9 2B 02 C6 6F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7592 base: 75000230 value: E9 DA FD 39 90
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4D50005 value: E9 8B 2F 1B 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 76F02F90 value: E9 7A D0 E4 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4D70007 value: E9 EB DF 1C 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 76F3DFF0 value: E9 1E 20 E3 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4D80005 value: E9 2B BA 14 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 76ECBA30 value: E9 DA 45 EB 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4DA0008 value: E9 8B 8E 17 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 76F18E90 value: E9 80 71 E8 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4DB0005 value: E9 8B 4D E4 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 75BF4D90 value: E9 7A B2 1B 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4DC0005 value: E9 EB EB E4 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 75C0EBF0 value: E9 1A 14 1B 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 4DD0005 value: E9 8B 8A 20 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 74FD8A90 value: E9 7A 75 DF 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 66A0005 value: E9 2B 02 96 6E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7912 base: 75000230 value: E9 DA FD 69 91
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 4DE0005 value: E9 8B 2F 12 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 76F02F90 value: E9 7A D0 ED 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 4E00007 value: E9 EB DF 13 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 76F3DFF0 value: E9 1E 20 EC 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 4E10005 value: E9 2B BA 0B 72
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 76ECBA30 value: E9 DA 45 F4 8D
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 4FD0008 value: E9 8B 8E F4 71
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 76F18E90 value: E9 80 71 0B 8E
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 5160005 value: E9 8B 4D A9 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 75BF4D90 value: E9 7A B2 56 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 5170005 value: E9 EB EB A9 70
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 75C0EBF0 value: E9 1A 14 56 8F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 5180005 value: E9 8B 8A E5 6F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 74FD8A90 value: E9 7A 75 1A 90
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 5190005 value: E9 2B 02 E7 6F
Source: C:\Users\user\Contacts\chrome.exe Memory written: PID: 7972 base: 75000230 value: E9 DA FD 18 90
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Contacts\chrome.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Contacts\chrome.exe Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Contacts\chrome.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Contacts\chrome.exe Special instruction interceptor: First address: 6BF871EB instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Contacts\chrome.exe Special instruction interceptor: First address: 6BF06A81 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Contacts\chrome.exe Code function: 3_2_003FCFF0 rdtsc 3_2_003FCFF0
Source: C:\Users\user\Contacts\chrome.exe Window / User API: foregroundWindowGot 369
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI56F1.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5683.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5576.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5604.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5653.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\Contacts\chrome_elf.dll
Source: C:\Users\user\Contacts\chrome.exe API coverage: 2.8 %
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_003F8030 GetModuleHandleExW,GetLastError,SetLastError,GetLastError,SetLastError,GetCurrentProcess,K32GetModuleInformation,GetLastError,SetLastError,GetLastError,SetLastError,GetSystemInfo,GetLastError,FreeLibrary,FreeLibrary,FreeLibrary
Source: chrome.exe, 00000003.00000002.2934138270.0000000004F88000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2934138270.0000000004FC8000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2934138270.0000000004FE1000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000008.00000002.2934141019.0000000004FE8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~
Source: chrome.exe, 00000007.00000002.2934084888.0000000004AD8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exe; Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Contacts\chrome.exe; Thread information set: HideFromDebugger
Source: C:\Users\user\Contacts\chrome.exe; Process queried: DebugPort
Source: C:\Users\user\Contacts\chrome.exe; Process queried: DebugObjectHandle
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_003FCFF0 rdtsc
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_00504F36 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_003F91A0 GetLastError,SetLastError,SetLastError,OutputDebugStringA,WriteFile
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_003F9990 LoadLibraryW,GetProcAddress
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_0043C090 GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,AddVectoredExceptionHandler,CreateThread
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_0053B3B0 SetUnhandledExceptionFilter
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_004E9D48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Contacts\chrome.exe; Memory allocated: page read and write | page guard
Source: chrome.exe, 00000003.00000002.2935130081.0000000006E01000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2934889139.0000000006BF1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: PROGRAM MANAGER)&
Source: chrome.exe, 00000007.00000002.2934737279.00000000067E1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: PROGRAM MANAGER)&~
Source: chrome.exe, 00000008.00000002.2934889139.0000000006BF1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: Program ManagerVOI%
Source: chrome.exe, 00000003.00000002.2935130081.0000000006E01000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.2934737279.00000000067E1000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2934889139.0000000006BF1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: PROGRAM MANAGER
Source: chrome.exe, 00000003.00000002.2935130081.0000000006E01000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2934889139.0000000006BF1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: PROGRAM MANAGERa&
Source: chrome.exe, 00000003.00000002.2935130081.0000000006E01000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.2934737279.00000000067E1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: Program ManagerVO
Source: chrome.exe, 00000007.00000002.2934737279.00000000067E1000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: PROGRAM MANAGERa&~
Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_00409620 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,LocalFree,CreateNamedPipeW,SetLastError
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_00416910 GetLastError,SetLastError,_strlen,GetLocalTime,_strlen,SetLastError
Source: C:\Users\user\Contacts\chrome.exe; Code function: 3_2_004B3B10 GetVersionExW,GetProductInfo,GetNativeSystemInfo
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 3 Process Injection | 21 Masquerading | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 21 Virtualization/Sandbox Evasion | LSASS Memory | 541 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Disable or Modify Tools | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 11 Peripheral Device Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 215 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph (image not preserved). Behavior Graph ID: 1563656; Sample: FS-JFDIBGWE.msi; Startdate: 27/11/2024; Architecture: WINDOWS; Score: 84. Sample signatures: Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; Machine Learning detection for dropped file; AI detected suspicious sample. msiexec.exe dropped C:\Windows\Installer\MSI56F1.tmp (PE32), C:\Windows\Installer\MSI5683.tmp (PE32), C:\Windows\Installer\MSI5653.tmp (PE32) and 4 other malicious files, and started chrome.exe and msiexec.exe. chrome.exe contacted e-notas.com (162.214.64.212, 49730, 80, UNIFIEDLAYER-AS-1US, United States). chrome.exe signatures: Overwrites code with unconditional jumps - possibly settings hooks in foreign process; Query firmware table information (likely to detect VMs); Hides threads from debuggers; Tries to evade analysis by execution special instruction (VM detection); 2 other signatures.]

Source | Detection | Scanner | Label | Link
FS-JFDIBGWE.msi | 16% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Contacts\chrome_elf.dll | 100% | Joe Sandbox ML | |
C:\Users\user\Contacts\chrome.exe | 0% | ReversingLabs | |
C:\Users\user\Contacts\chrome_elf.dll | 37% | ReversingLabs | |
C:\Windows\Installer\MSI5576.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI5604.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI5653.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI5683.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI56F1.tmp | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://facturacorrecta.com.es/raw | 0% | Avira URL Cloud | safe |
http://e-notas.com/dsdrk/inspecionando.php | 0% | Avira URL Cloud | safe |
https://facturacorrecta.com.es/rawndo.php | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
e-notas.com | 162.214.64.212 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://e-notas.com/dsdrk/inspecionando.php | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://facturacorrecta.com.es/raw | chrome.exe, 00000007.00000002.2934737279.000000000678B000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2934889139.0000000006B9B000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://crashpad.chromium.org/ | chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | false | | high
http://www.indyproject.org/ | chrome.exe, 00000003.00000002.2936954997.000000006A891000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.2936522083.000000006A891000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000008.00000002.2936570568.000000006A891000.00000020.00000001.01000000.00000004.sdmp | false | | high
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | false | | high
https://crashpad.chromium.org/bug/new | chrome.exe, 00000003.00000000.1730930216.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2933668776.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1946740917.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2933702710.0000000000582000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.2032554828.0000000000582000.00000002.00000001.01000000.00000003.sdmp | false | | high
https://facturacorrecta.com.es/rawndo.php | chrome.exe, 00000003.00000002.2935130081.0000000006DAB000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
162.214.64.212 | e-notas.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1563656
Start date and time: 2024-11-27 09:56:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: FS-JFDIBGWE.msi
Detection: MAL
Classification: mal84.evad.winMSI@8/157@2/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 65%
• Number of executed functions: 12
• Number of non-executed functions: 173
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: FS-JFDIBGWE.msi

Time | Type | Description
08:57:20 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Financeiro C:\Users\user\Contacts\chrome.exe
08:57:29 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Financeiro C:\Users\user\Contacts\chrome.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
162.214.64.212 | SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll | malicious | Unknown | e-notas.com/dsdrk/inspecionando.php
162.214.64.212 | SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll | malicious | Unknown | e-notas.com/dsdrk/inspecionando.php

Match | Associated Sample Name / URL | Detection | Threat Name | Context
e-notas.com | SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll | malicious | Unknown | 162.214.64.212
e-notas.com | SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll | malicious | Unknown | 162.214.64.212

Match | Associated Sample Name / URL | Detection | Threat Name | Context
UNIFIEDLAYER-AS-1US | Felix Paulpaymentsummary.pdf | malicious | Unknown | 192.232.216.163
UNIFIEDLAYER-AS-1US | https://farhimzaman.com/file/Enquiry-Dubai.js | malicious | Unknown | 162.241.114.35
UNIFIEDLAYER-AS-1US | https://www.filemail.com/t/YJycry3G | malicious | Unknown | 173.254.28.51
UNIFIEDLAYER-AS-1US | https://farhimzaman.com/files/Enquiry.js | malicious | Unknown | 162.241.114.35
UNIFIEDLAYER-AS-1US | la.bot.arm7.elf | malicious | Unknown | 76.163.47.71
UNIFIEDLAYER-AS-1US | la.bot.arm.elf | malicious | Unknown | 192.185.47.137
UNIFIEDLAYER-AS-1US | https://clickproxy.retailrocket.net/?url=https%3A%2F%2Fpaydcosx.z13.web.core.windows.net | malicious | Unknown | 108.179.192.93
UNIFIEDLAYER-AS-1US | nklppc.elf | malicious | Unknown | 50.87.245.175
UNIFIEDLAYER-AS-1US | https://upthinktutors.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVpHNXRVVFk9JnVpZD1VU0VSMTQxMTQxMTIwMjRVNTgxMTE0MDU=N0123N%5BEMAIL%5D | malicious | Unknown | 108.167.141.19
UNIFIEDLAYER-AS-1US | https://protection.retarus.com/v1?u=HttPs%3A%2F%2Fteste.solaireenergia.com.br%2Ffile2024%2Findex.php%2FA10xDMr.5D5U.Dsd%2FDs.abDsDM1.DxJ5q92D1%2FPlanilha_040674135214.x3ls&c=11R4q4t1W6&r=7CfYXWr84cn0XS9o1yi8FM&k=7s1&s=LO6sggjBAIEqnAZRUvGBrGBMVQoRSpeHE163RQ7aDVB | malicious | Unknown | 108.179.253.121

No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\Contacts\chrome.exe | nf963-5d-qns6-w812.msi | malicious | Unknown |
C:\Users\user\Contacts\chrome.exe | nf075-4d-qns0-w383.msi | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | http://propdfhub.com | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | http://res.pdfonestartlive.com | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | 740d3a.msi | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | 740d3a.msi | malicious | PureCrypter |
C:\Windows\Installer\MSI5576.tmp | j45EY4ovxx.msi | malicious | Matanbuchus |
C:\Windows\Installer\MSI5576.tmp | pdfguruhub.msi | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | JR2xwuR1Zc.msi | malicious | Unknown |
C:\Windows\Installer\MSI5576.tmp | rs8dpaIe6D.msi | malicious | UltraVNC |
C:\Windows\Installer\MSI5576.tmp | Bill Details.exe | malicious | UltraVNC |
C:\Windows\Installer\MSI5576.tmp | Bill Details.exe | malicious | UltraVNC |

Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: modified
Size (bytes): 18708
Entropy (8bit): 5.534827628243452
Encrypted: false
SSDEEP: 384:Z0vX6+pU/+AeLOsyJQcF/mi7l8oB7ie3BoP8igvu9MMgZ902Pz60KOhIaT3eIhF2:ZMD0Pry
MD5: E65549E1BC133990029B1F1351BF6F14
SHA1: AF86F22A64B9FB8DD77B010C320056DAC5BAAEA6
SHA-256: C592DEF7CA86C89E8C1E9B74EE5781F5281C51D0D2BA868F6A65FB72ED118D07
SHA-512: C26922B779CC95EC4D4CAAC8243032006589E7CD02F2541B5760D8818F01BDACDB1F52BB870F808F43426A081A2D37FAC86893D6F97184E2EE8A08A42FC80DF0
Malicious: false
Reputation: low
Preview: ...@IXOS.@.....@#.{Y.@.....@.....@.....@.....@.....@......&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}..Google Chorme Updat..FS-JFDIBGWE.msi.@.....@.....@.....@........&.{E061E987-F755-4888-941E-18DA12F1D569}.....@.....@.....@.....@.......@.....@.....@.......@......Google Chorme Updat......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{3B6BDBC4-2324-4D70-B1CA-94B741C61BF2}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{C8D017D3-89C0-4250-9FFB-5D9684AF0A8D}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{D5998543-BD40-48E5-B2B3-340A1A6BC8BF}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{6C2AF152-BDD7-48E0-A2DE-D854C860F818}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{9F462EE0-6F93-497C-B68E-DBA788B46E2D}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{3FACF0BD-4910-45D1-9434-0161BE324E6F}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{D2C73612-

Process: C:\Windows\System32\msiexec.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 228
Entropy (8bit): 4.96140190480482
Encrypted: false
SSDEEP: 6:KdhlRu9TbX+A8/5RFYpe05XkZh05XX0CdiYCMfrA1G:KLuVA5cpe0qf0h07v9G
MD5: 7D70F9F08AEA7529C4A415345387F51E
SHA1: 985E221DF971ED6ED3F5A2CE3F9652C8055728F9
SHA-256: 93F47029627FCCE5CCF59779BF4D4315BBC9C96189DEA1B9D5DB62A54F017591
SHA-512: D224084384A8B28E813D4C666B3A95D2C8C77D2262740760917D265D4626F89C6AF5F2AAE01F4CB3CD3C2236463D567D035061B44827A898D67A18A9EDEAC7DE
Malicious: false
Reputation: low
Preview: <assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='126.0.6478.183'.. version='126.0.6478.183'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..

Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2252904
Entropy (8bit): 6.790821016155236
Encrypted: false
SSDEEP: 49152:tX1r/EHlIN8LAEIenc6tn8F3KhSX2sJSPLvScP+B:tXh8Hlm8LAELc6pw3KhSX2sgPLg
MD5: DD36EA28C576FB0AD109B42D3D6C9F96
SHA1: 34DCE3F5EC37472A79CEA43959C319CF67E22D35
SHA-256: 07D849EAF8BBBCE5ABD7EC2348DFF0394F49E803C34120629AE258E62A1A32BD
SHA-512: F8CD93CC9888A95CA47852D7B6725213C0E0B905A66E19AC41428E83A0ADE17803EAA77F3C5C7719B733E745A09D669B89554647017D4414D34ED626C69B52E5
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: nf963-5d-qns6-w812.msi, Detection: malicious
• Filename: nf075-4d-qns0-w383.msi, Detection: malicious
Reputation: low

Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 15230976
Entropy (8bit): 7.96079741896592
Encrypted: false
SSDEEP: 393216:o5Q5b41aY7uxjvp1bScjWdvJ5xOvybJ77azn:kQ5e1s4cjWdhyqN7ar
MD5: 590A863E9F29DD0AACD0C947FB2E010B
SHA1: A94F40F6E44584F2D8909A0331340176A38362DC
SHA-256: C82DCB843482E04293EE5930B1D67F5CC752DB6E8140867A34242923D6ECD774
SHA-512: 1F15161F84018C7B4E8CD70789C19CA8D763BE351D7DD75DDC919A562ABD570EE7668668845022427712EB7AAAFFD269811225568EC2E97B574DE655F629A2D7
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 37%

Process: C:\Windows\System32\msiexec.exe
File Type: MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
Category: dropped
Size (bytes): 326
Entropy (8bit): 1.2807478913655284
Encrypted: false
SSDEEP: 3:GlFFXlGFllfl/t+lklel/e/hRD:Gl/Nls62bD
MD5: DBD44C4AC444D2E0448EC0AD24EC0698
SHA1: 371D786818F0A4242D2FCED0C83412CAA6C17A28
SHA-256: BF79BFFDBA70F456CB406FD1ECE8652750363B94188510B5D73F36C8EA6E7AE9
SHA-512: E8025CEB6ECB76B480F279D7E42DEEC8B96C0C1D64CFA3B7AF1E68320281F0F2A9B886AFC16AADE4E2178878970C4909FD650C1DC3C37594D040141ED0AB113F
Malicious: false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):57347
                                    Entropy (8bit):7.996758830363174
                                    Encrypted:true
                                    SSDEEP:1536:zKN5WPlWSx3OQBxcuz6s19zhLvA0b3gZRApJcdkSjhR:Uwld3HxBz64zhLIq3QRAbKkSj/
                                    MD5:5297CF1015ABDA948140165C9281288E
                                    SHA1:640DB260B9D02A1F1018BFB046374528AE2C78EA
                                    SHA-256:B1AA1DF684313638E43DAC5A61E58F5B30F6D05C7E7306EFCD0FD18FFA67F9F7
                                    SHA-512:8834D89480EE0790C2AA120A29C58E9A3DAAFF5AA0F0259773D447B9BC61A152E9335A0C0C601066D03232B4D5E15804EF120B78094D5A56B2CBB0A6B5B2C517
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):41884
                                    Entropy (8bit):7.99572522591119
                                    Encrypted:true
                                    SSDEEP:768:NPjCzTBF6lqKSle3fo8wBs9tFPFqAOwbDQgFObKr374qUoCT2XkroPX5:ByoqJevo3stRF1NbD/gmrAoDXkMX5
                                    MD5:9195D393018B1976DCE57B114D630DA9
                                    SHA1:9B649B0C0FEE0A2BF3602619401C9289AB26146B
                                    SHA-256:0C50CE717ADFFDB86CD2A034409E9B8BECF9B779AEA2CF7042F3EB007D04445E
                                    SHA-512:945AD44629F6CD723BC5ECD0E5457BBE1FA7EFC1CA2073E440F2F209C6E2D1B3CA2B342F9026E99C4B63355432F449956068ABFB8B08F1B120410F5C49733338
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):42864
                                    Entropy (8bit):7.9958162175760235
                                    Encrypted:true
                                    SSDEEP:768:4/Yk4mI/CYk9eg6h7aGKYWcGprhGz71eVGPlgbV2eqhYpF:0YkvI/O9F6h70YWbpMRSGtgbV2eqhq
                                    MD5:3AF0C5BA784FAB071C6033494C4C6F49
                                    SHA1:801F5377EC4675CDB26ABD06CB7895A933DA2115
                                    SHA-256:85FC2B295C5004E4D346728DD5EBE5BA10EE05DFEDD196EC730417A2B39FC86A
                                    SHA-512:3BD00D61C7879CEE05CB5EA8DE46378C66475B0043B724110A8CFD4003941FC0C936E4FEA37034C75DA186D726030CF21D056C82085FE6DA4C36AF484B1EB776
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):71130
                                    Entropy (8bit):7.997395950602131
                                    Encrypted:true
                                    SSDEEP:1536:6uav+BjNtujQNPUiSuGk/WVUg+CKu1ioii1Za5liS05XLiT:6u/BjvziiSaOVYvoii1ZWb05mT
                                    MD5:60B76D2FA62DEF9CC37D33F320136CFC
                                    SHA1:F7EDD174CD7FBBAD5A1E6C29933B49905456E90D
                                    SHA-256:2628D0C86F18CC722C75AA9D9EEF5329C7DB674FF1D2460775B473CB30D58008
                                    SHA-512:AB719CF3BAE92BBC6CB4EB04B041604CF426D1E7C242ADCF8E0C94CAF3DA502080A9C63CC60DB6237117E5B293FA8477D536ED3E6E5BC64A64CB5359ED265F19
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):90741
                                    Entropy (8bit):7.99772780022569
                                    Encrypted:true
                                    SSDEEP:1536:BW68pTu/DzylC/KrWuo2kqy/31NftiQZs/Ye4Y0oD65WxEw9HNDE7:oJpTQz6C/KKpz58Ks/f44G5WxEIJy
                                    MD5:31BE227EBD00EB32E0D97C03547953AA
                                    SHA1:29B9357D45D7B9417E8D701562DF4ECF029AA235
                                    SHA-256:2ABD44444B428A8438980C23290653818567A1C52A6F6E28CD582F02ED7A1997
                                    SHA-512:8962F0F3D09CE5FCEC54C4C311593A53BF8C5510E9558D1D2AA17539F55CD9362DD44FEBAFDE2FA9FA2DF92FFC7FBB4AACC54971829ECE6F0A368E237D59F5FD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):23014
                                    Entropy (8bit):7.993330995993904
                                    Encrypted:true
                                    SSDEEP:384:BW6Npc2cLZYGT+bJP89WYiJJbfSvNUUi9++4qEiEyJ8B0ih/n2:BW6Npchus+bJP8wLf7U8F2iR40Y/n2
                                    MD5:3F07A14138725B4FEA87018778E99C9D
                                    SHA1:E9476B1F97D68E4B041CE45B3AC8B367FDA9AE73
                                    SHA-256:884AF08E980F32A5D857AEF65E94D692CC5179F0298151CB3EEE28307D5294C3
                                    SHA-512:5621FB39A236BB634E8E2C99237592532B914DC532D23922410615FA7D4D41B7A8452AB2BA318DEF99910FF72C9BF212BE463EB0C34D91DF85900F37136C059E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):350024
                                    Entropy (8bit):7.999332112422404
                                    Encrypted:true
                                    SSDEEP:6144:SVjwYdom2WUKHsqdV5wIiHsDHT1CH4cZvrPCJjCiNnQcurJ7W5v1qKswpkxAmXms:SVs2om2WUKVdVTis1CH46vepCBW11xsJ
                                    MD5:A1D4F0985249B5996726C81DC9E90FCC
                                    SHA1:E1B81B820ADFAA229FCC6B93A82DB00E6C1D2BE7
                                    SHA-256:A09EA9840853B6DB7848CA8A6181D74E2B60D68E34D56351A1930D321C3BB17E
                                    SHA-512:0700C51690F3817B3F97BC7B5EEBD2F1A158CDC12DE20BB2598819EF70DCF97B8817BFA5F224815AE14536C0E3D08E51CD72F299BA26E05A11AC164840D4E8FA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):64412
                                    Entropy (8bit):7.997009584668567
                                    Encrypted:true
                                    SSDEEP:1536:BW6+yg8Lks0LNMax67S2fSMxkTo+Oh/GFjlC1f4CO8RkY7H2JUkgGiXPwbj4:op8gsg5xYS2q9TzOHOCO8RNH2JUPGiXx
                                    MD5:C5A27652BFEF12D580F8C7D9278BFB56
                                    SHA1:B8FA94A092969B00A2CA49AADE501F86C7D05124
                                    SHA-256:84239C96D1A3EEA8F4A1131EE859C70863D2D2FF981DB955A204D06FB3E399F9
                                    SHA-512:93485D1AAFFD03E2B9BDF8AC519B4A1B2F9504B7DECE5A72E93BD78D7C1EAF287D347D6B0088CB665395B2099C9DE8285444986DAF6955C984B4BD0447679C99
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):53999
                                    Entropy (8bit):7.996770426163462
                                    Encrypted:true
                                    SSDEEP:1536:BW6XYLT5F0YEIefnYXpZZ878ZUqvsLj+LCGHiGP:o1H5JEIefIp7U8V0Lj+LCA
                                    MD5:21A9EE4A323D30EBF01E909E0D2458DD
                                    SHA1:B1FF6EF537D741A21DE4C9940711E5403CB95154
                                    SHA-256:84FF014DDE709723B41574356866AE44A9C31FBE172719091AF2F7C211F515C5
                                    SHA-512:8376BE074DDCCD81B0B512F45D22C96D4DF2CB2BC28051977B489784E9A96BE195BC451BA34D010EC006817843525090B99323B2FA171396E0554F5752F15A47
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32176
                                    Entropy (8bit):7.995349694654279
                                    Encrypted:true
                                    SSDEEP:768:BW6N0QSaME0UDtQrJ06y1AdWkYnAC67Ho77gDtUcJydY7AxG8OGY1kbJ7:BW6PSaMc5Qr+Oul77gpUckoOOBCbB
                                    MD5:0F47D734176C343CF3FBE700D08D0062
                                    SHA1:5D33092BE18F4EA93B82B852B806436AB9AAE103
                                    SHA-256:61D82DE1D9F5DF0B5F96C7F4E1CB249E3A41A49A3225FA2C58E781E0AA8AC351
                                    SHA-512:CB602DAAD0CC177BAA032389842F9D47D4D3085363875FAD9947FC735E8DD883C558EB35F4C944B340A25A3F15768FF3084ACB3622224516DA3D046E0E6ADE68
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):103698
                                    Entropy (8bit):7.997954975179584
                                    Encrypted:true
                                    SSDEEP:3072:onCjBvz5FE815qPXpDm/1pJUEOYMKzxhqZRgSgfXU5:TjBvzrEY5qPXpD4TJLM6NU5
                                    MD5:D5607B6BF989EF431346619F0D81D09F
                                    SHA1:7C9606C08F7EE8176948A694BF36ED7BEF058571
                                    SHA-256:C8E14FDE2559E6F71CA0CF023D2CC51636E171B206CAEFC11DEF6045D98E66A1
                                    SHA-512:E92948490B261A222FD26237CC3A94E68EC561EE42B0ED2D54267EB0A17CB1A8B4BFB0DC2474E6945D6BB6E6A3062B55A875A445CCF265A225390C3537F6BDE1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):36816
                                    Entropy (8bit):7.995057511765618
                                    Encrypted:true
                                    SSDEEP:768:BW6NKcj+tNNn72mIuTvBvWG4q8hQP7eW5QJsdU9Q9qRpK8vP1O9:BW6yfB7nFvaQTeaBUQqDK8u
                                    MD5:8912777F68DD57322A21A454A3038289
                                    SHA1:F7373B9BF2C1BE2542144873D904D3205514F13E
                                    SHA-256:26F01B5F8468B8E78D88232717D2785C9EAEC35F239820AFB0DDA382297A0830
                                    SHA-512:B5D0AC28F90B07F4C02CC1CE80351970767E77962C1E6065240D3224E9AA42F7DD8BC016029459E3837912BEDD40DF63A1A5513E17BC45DF1F9AACE133F2F7F2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):89867
                                    Entropy (8bit):7.997920440624809
                                    Encrypted:true
                                    SSDEEP:1536:BW6/ECkXeC2oyI7arfNZ9kst46VHoxTlC3Vvz+/1ELZiK5Y1NvJMFF7JLwqyrnVQ:ocrkos7Wpt46VHoxTcVq/1ELZikUvJMr
                                    MD5:5056454E25D9DA771B1927ED97BFAF0D
                                    SHA1:1A7E91BE971E815071A58C54BA57B9FB613DFDDB
                                    SHA-256:EDCAF92F597D225DB49C4DF56300BF4962177B689409758571790DAF262575CA
                                    SHA-512:67A0322E0E9C1C6D06235C43C57BB85BCB20156B292989A963D598D4801B36AF9A255427D6A3891347BAB88614FD1E1556C44FD143D2D7131A713C025ED8E202
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):30981
                                    Entropy (8bit):7.994864854434588
                                    Encrypted:true
                                    SSDEEP:768:BW6NgZIbV8Eyzb56mJ/dc7F1Jc+rtiStdtL:BW6m+xVyn5lldSF1JpDtL
                                    MD5:56D17C7CB534DD8290971648EAEF4B84
                                    SHA1:AA757929675926B17D02078C69F0F3B4972C6E18
                                    SHA-256:7860C45AB4056B141C9031E95F2E93E852531D1AA03B4E5FD6164C6C4E812C64
                                    SHA-512:6340A31150A45DEA1E367319F18BD2FE6C6BEB7CB975638935B28D95514091BF6E48DB8B8E9060F96A621BC00EF5F57237BD0F13549EFA0024298CF069A02D0F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100846
                                    Entropy (8bit):7.998158896251984
                                    Encrypted:true
                                    SSDEEP:3072:odWE3d6L0GenMnlMkDVZI8+NOqKzazG5zsPfeT5yw:YVrhA1DVZIhkN1zseTx
                                    MD5:91EC970B7C15E11680F47A1413B72962
                                    SHA1:339B0A308CD1F5B4174F7F43999A4281C205503B
                                    SHA-256:6BF4C19E221830BD5BABCAC9F92089A656882E3793FC69879D804788960FD223
                                    SHA-512:4226E840940163B0525EEAA9D372C8247F9CBC2D84068E0EFB9A01D2D8B118D50C9351BF077F5C865BD3A9359F560792A3483933806583602CFA79731E118834
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33480
                                    Entropy (8bit):7.995378671824126
                                    Encrypted:true
                                    SSDEEP:768:BW6N286l4XkLghjeSo6+pEVf4J1wAJ/G7mRlgW6WsvV0YYQ:BW6zhilLD11e7fWBsvVpYQ
                                    MD5:76865ECCE4C30C2536236ED171A0D76E
                                    SHA1:B5E5C62D55D317D1D7F77915C5738A8635C82C9C
                                    SHA-256:C7B799B3DEE229B709AD9DAE5E029FA5A7D7BE8BE0454F49527B632C07D9F625
                                    SHA-512:B585721BE72E8BE50CB13C2EB0F3A80AA85A17FC49C542E95BFBFCBC898F09E6BC370388FB583F1CC2D216A37834CC3F7C7BEBFACE45F68F037133ACE812A90D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):101922
                                    Entropy (8bit):7.997980089704199
                                    Encrypted:true
                                    SSDEEP:3072:ozGLP4gGk7MqyFe+v5FSXq8vymH3AhLBvVu53s:c2Mqy00FSVbXAhK53s
                                    MD5:3D8772A6F26F6BAAD2715A514D7A419D
                                    SHA1:5062988072F8CC660EAD6BB5BC7767EBD68705E3
                                    SHA-256:8FA4E1AF5CBF40A9A52A718BD43EF4C089632E732B1EAC5299E73994E947B219
                                    SHA-512:C96969F7A0F509B39DF3378600A1F83AA1E72B62FD2CA7AB23880A10A60D1D05D368500E385E31EFDA7D6B21E4F038F0F55AB88AD8ABD4966568F0DA78711BCD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):34450
                                    Entropy (8bit):7.993568193715657
                                    Encrypted:true
                                    SSDEEP:768:BW6NxQk/u3KCN5PkV12Ms5n9wclxmgWwiApAQAgnus5lUZgsqK:BW6sk/uNN5Pkf2fnnNi0FAgnusrmSK
                                    MD5:20354B294A886DE9EED65C05B8B4E0EA
                                    SHA1:FDB0C9C8E67DC389C3D33BFEAA45B11EADE89B37
                                    SHA-256:3B01077CB6F2B33E1FD4B44D6F8FCB2144840AB59E819665B331CBB753E1DD1D
                                    SHA-512:6AFC0716FD5CA327A20E1B91138D7840F741943552C72D4BED4F91D97E685F245D3085848C548A0875455C54646A95B085C49737A8820F71C4D2AF87519C760A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):94880
                                    Entropy (8bit):7.998273684433496
                                    Encrypted:true
                                    SSDEEP:1536:BW6ki9VOORyBJuKi8oWqJB9DTEhIr9i854OjWihTenAmM6EUKUT+hH9FtqsaQD1:oq9VOTBJuKi8oWqJB9DTECQ9OjWihgwL
                                    MD5:D7901A0FB829DB040107D2C02943A4D6
                                    SHA1:18A852B5DA7A2B57A6154C83C80F62ED67570791
                                    SHA-256:E2F925AA3AF7174F26E96571038AB83FC1D1D8F4F5A2EB1C48C654EDA1E6A2D1
                                    SHA-512:BE831DCD06567A2F9A23988086BEB16880847879626ACE28208F0BF2EC99883C26C326F708D6BDDFB5BD97D476AE119135682B2FC9571B990376B74260CD0725
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):34480
                                    Entropy (8bit):7.9953759299235685
                                    Encrypted:true
                                    SSDEEP:768:BW6Naojf7WVL3er0d3esbt78wNXg6w1E0xLmPSpJW5aBG:BW6wojDM3er0dRuaQ9XbDG
                                    MD5:490064B278F31F395A1D93488FE7417C
                                    SHA1:85F0BAEABE880AEC6324E2D994BAA37235C8F260
                                    SHA-256:30DEFE60FF9390B8B828759FBF90B152A8F8BE7423258897E31712E27AA18463
                                    SHA-512:A0001C53159AD3A033D53FCC86A7DF622C4313938674DBE58951915D212058829C031EBE7AAAFE06EE998A4037FBADE880FAA9957EEE6F6AC4CED272D7162971
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):97471
                                    Entropy (8bit):7.997963841827689
                                    Encrypted:true
                                    SSDEEP:1536:BW6XaXXzu+S2cEfzIaUU4EHvAQq5xoJOzift1Y//H7PzqmsKW+pQEtrJookIbC:oLu+SPKES4EHvA15OEuf2Dns4pQEYok3
                                    MD5:7E93CE1B4A288A0764CAB1A866932F7D
                                    SHA1:1EEE7FCFA3EDACB29875BCA791855FE5327ECA0B
                                    SHA-256:F6D10BF1489717408DC6F215A3996AE1C666D50FEC1AB4D80D84C0BF0D8F28A6
                                    SHA-512:7BC1C0130184686025A6E367E56C74848778C27C166A815FE25D410D1C2B1F75616DB95E6596072242B0C3CF431938E4D339292DEA515D3214D6CC8C9A1A87A6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):37147
                                    Entropy (8bit):7.994941099826608
                                    Encrypted:true
                                    SSDEEP:768:BW6NWTnwyRRds+R5aAqqp7E0m5CZkpmyWj8AQtOjY/Eob0xqucr0ULBnT:BW6unx/6+R59qqn9tj8AQoY/EdAhr0QT
                                    MD5:3E9FF1A1C7D11B406196267E0C1FE54B
                                    SHA1:539E9238F09C47E907E428B3F9C993A74E3A89F2
                                    SHA-256:B87FD006B7A4B7CA41B0C0C836636CDC46A1B87AB8BB0C17C0380FA42BC40E05
                                    SHA-512:D3071B70A00F40927EF048DE939E35BD22234F41CF6069196DF967326835EED9FFD77F5964008EE3906A439DEE7FEE9C0E6A1C6061D1332BC1C32A6B592AEA3E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):108523
                                    Entropy (8bit):7.998242819406155
                                    Encrypted:true
                                    SSDEEP:3072:onFeB6AcOWd374OzOHlh6Hy00+GJTNo/y:4STDvMChJBOy
                                    MD5:B954EE1D0DDBD6917660F9C3BD90703A
                                    SHA1:D21DFBB906266FCB3569968A706DAEE6BC399176
                                    SHA-256:AA5EFEE8E48E66DDF491A2F253ABE81E304E36A8F9A2A45B54F0C7F415D70582
                                    SHA-512:70E00C351D8AC5215C4865C6ED196008D6267CF0CFA463524814B6761E807A6A07850749334594E13F98FD6D2A8706DA7EFCEE6421A49CA699234F9770D38856
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):41834
                                    Entropy (8bit):7.995867858033007
                                    Encrypted:true
                                    SSDEEP:768:BW6NwIdvCYp/JggXqA+ymRuElNDsCDD7KZblz1rs:BW6a+CKJgbru8XDD7KLzW
                                    MD5:199C9F4ACDC95653F0741CD7BBED72E7
                                    SHA1:872E1E241DA7FAB037DB2C8C855B02C25CF29C94
                                    SHA-256:E77435E9B11AE1A2A014EE878F069BDD9198ED746CBACA50AD334020125858EC
                                    SHA-512:4C458E9E6B8C10EBE868BF6FA8CF62EB8F8EB8BE664BC9F2DEB61E5AE371891BB6554407D6DE158796420F7EC67A24E05D244E181D64835922586511BA81C2F3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):91207
                                    Entropy (8bit):7.998041486799748
                                    Encrypted:true
                                    SSDEEP:1536:AohPjAwtlx9NE0xivxzsyvfVZq2vJbKRypOHsDEO1TDnjsX12j:A+PsWl7NhCWy1BqMDJ1noXsj
                                    MD5:55023E704F32EB3F068C673D0FEA18CB
                                    SHA1:D20D01F61ACA12CB38E9C62737A895FFDDCF6A4E
                                    SHA-256:96C294875C7A8068301FB076CFC5DEFD26DF7B47AD875F6804886D0E374DD725
                                    SHA-512:1D8E2326C19FC3818AB0860ED0665F870550CD6E83DDE9856A344407484FFDA919E8FF63549F0EFDF1D0BCA2ADAA5E86A3D70735C52767E860DE191D391DBE19
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):70067
                                    Entropy (8bit):7.997558546255013
                                    Encrypted:true
                                    SSDEEP:1536:LEdkDhpUE4wxgU8wrLdymUCTWUMcLYJ5npJ:Yulp8wFgmUCKPcL8P
                                    MD5:26E1D8BF489FA30F98149CF812E0A1D2
                                    SHA1:3C063A89D5D9E18CAF21E35C398FD50E09D9426A
                                    SHA-256:340B5EA15AAC2496C69567327F34EB33E1AF6FC4BD8201B81E32A3816B475826
                                    SHA-512:BACB0C82B889AFC2DDC001D38CEAE7067204802F03A4AB7818888509007B1E70028BFC5A9C1C3C657C56BD6E0CE12DA7EE306B21D277D6B83F4FA05A93829963
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100400
                                    Entropy (8bit):7.998110943531547
                                    Encrypted:true
                                    SSDEEP:1536:BW62nhG8AQQBT53JFN+5TpbPZVBGhxZi1Ka1UxtunyibE/A7H+RyMtcNltuFTJ5N:oFyQQFJFA5TFAu9nyizaRbtcNl2uo
                                    MD5:D0EA1D0ABDB8F217D26A0CC27116268C
                                    SHA1:74F9A8FDCD8A5279C6458A37B75C38A09A4C921B
                                    SHA-256:DC51F45745036F0A6F9F902BDC57412B928DB386BF0393497DEDF53D183833E2
                                    SHA-512:6555BE4B95F5C175527209C7C570E72A84EADE8484ADD399A1BE63EB3E80963DFF5EB72DFFFA33FEFC1946AAD340DD0E45DC63F793BE5FCC1F51A1B5757CC819
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):40466
                                    Entropy (8bit):7.995475681302088
                                    Encrypted:true
                                    SSDEEP:768:BW6Ng6eiZHToV4q3BzoK6hMB2gFuDkVk/xacKtpoLvzp5VTspL3hF/CnV7:BW6OvWToVT3BE1S0gQkgTKtp2v9n2B6
                                    MD5:F71B653B55720C08816297D442F005FF
                                    SHA1:EC97519842F03D1A7834565DFFE1A0A795FF03FE
                                    SHA-256:547CEE01D9AC02641550287145E9A8B33FAA10CF9D26EA53432924F0804EC4B0
                                    SHA-512:3CB0C4903C27F713FFFDE1B185895DF1DEA8EB7D1B34F87472F855B5AD6976333702CEA220793EDC7B25782BE872C5659AF5AB4974E1636BCD7D5BD734216DBB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):98733
                                    Entropy (8bit):7.9984000423576855
                                    Encrypted:true
                                    SSDEEP:3072:oEHFcD+q5L9vgXaQc+DUY1yRibb3gw7+BJP:bFcKo9vgKf+DUYwRAjgw7+BR
                                    MD5:7AFF247D52FE6468A6E06E206616A83D
                                    SHA1:0965687E40619574263356EC26AB66DB93334A06
                                    SHA-256:67D33D3FF9384867E6175C75EF916F01EBF68DDD3C463371A537678866196690
                                    SHA-512:BCFE14A7C0C94CD30D62E3C8DED0A85E1AFF9062B0BD1CF9415E2673DC054B931FF7837387920C7F3CAF884721F967272534CC652BBAD41080C5517621F90CE2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):78854
                                    Entropy (8bit):7.997783115871903
                                    Encrypted:true
                                    SSDEEP:1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe5WQtNuTu7fM01vlPs1VQ5SKgK3xqxoYIMiALtG:oEHFcD+q5L9vgXWQCu7fBvmBKgK3xJ2E
                                    MD5:43CB62B23805F38DF000C7B9D0227402
                                    SHA1:00CFC3FB4D1292E824A76563E81078D2894B928B
                                    SHA-256:C5AD8B348F0C81F93FC6C5573FC6252E5D1F6FAC2A9810834B0222C41175CF0D
                                    SHA-512:8A04FA349BF29D2571915494DAD697DA2C55812A1A2BB4D38FEED36659E1809E5BC84F328CC857A12E15B3110327A3E264F236F7AA132345629F482307579F79
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):78869
                                    Entropy (8bit):7.997741561782965
                                    Encrypted:true
                                    SSDEEP:1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe5iSzOyXAOV23EiYqZSQWvBOgdXySw4SUGyyW1X:oEHFcD+q5L9vgXiuAArpqpWQgO4SUhy0
                                    MD5:306A37CCC16E48CD582D0AA8E2643C6B
                                    SHA1:1DA98DA8E420081FC1C66737F42C4DBFE679DE65
                                    SHA-256:875CEC1FC380D90F8E4F0405A35AD8B370F30B3C4FCEC33150CF31D7EE650EA6
                                    SHA-512:FFD0EFDB82DE109715A1965B511FA92D3755AEB79BC0400A9DE7E3B175DB554F699F63F53A2F6F1D50431B9C1782238F1FE3AB78F7F2285C71480521154A28E9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):62087
                                    Entropy (8bit):7.997256717321158
                                    Encrypted:true
                                    SSDEEP:1536:BW6L7jPEVdlmZuDSjp6r2mb79JEfwf6I0kZ0calY:o07jPqQeSjUrfJZ0calY
                                    MD5:068530597136C000D573D2CBF07DCA45
                                    SHA1:2D80345B8550146498393A3DC533EE8EF21D48B0
                                    SHA-256:D122CAB4C0DD68F062F3ECA1831521456916655D90AD728CF37E9BC2E18B0B1F
                                    SHA-512:314631DF622F5F104FA0325F7F4CA3246E9013489B12A15302A224F2D026077AC3C48C2B3E770EEB232841CAE01E92E1527DCBBBB89D1AD69A06885E869F58D9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):70895
                                    Entropy (8bit):7.9976539954309205
                                    Encrypted:true
                                    SSDEEP:1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe56b/H854Ys+9T1OM4FXNB+xwVvhzSmLhEPbOke:oEHFcD+q5L9vgXFKmT+zEK1zhEPC24
                                    MD5:62BD966FFC5049BF7EB18A93FCA491B0
                                    SHA1:3C4BB0234E229219E5F346A2007082F780BE1C0D
                                    SHA-256:14CA1F80674F606C54925B3B6862C7751BCD75B0C15C22002E954B0D33ED0F85
                                    SHA-512:CA1AE12DF982CBC242237A0BA50DD21A16A24281745DE9AEF0B2CE8E92179119CA38605FA26B2559C1055CA18E2577A073A2FCF9F5D5CE733778569EB91F9271
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31651
                                    Entropy (8bit):7.994928165465702
                                    Encrypted:true
                                    SSDEEP:768:BW6NuYrJzFZdFjqpB/yTzryiNGB7S44Gork1d+34PMO9GTgr:BW6gYrJroyvNiz4GoY1db9e6
                                    MD5:D5A0EC5D290F02C4D03068DD57ECF672
                                    SHA1:4243FB0146728E2D5566ED7D771156DCE1A2FCA3
                                    SHA-256:6DF1BC6AB82B91079D9372B28E30CBCFDCB0168A36480A47BE76C73F3F49FAF7
                                    SHA-512:9D383AB71F87FC155E57DB2BD23C6EAADE5EBA87E0684CA9DEF92F6CDA46F29E306FFDC597C84780A4CE48D82207AABE7C4584CE9A357E5D24F33BBAD44C7162
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):58143
                                    Entropy (8bit):7.996907279683717
                                    Encrypted:true
                                    SSDEEP:1536:BW68TO2X/i2z79oufxd9UELdfqShtnwjpMR7h34ZsG7c:orTOI/Tf9ouZde+/76pJD7c
                                    MD5:24B707FD8F1EA5BE94980DB03F9A4974
                                    SHA1:8A43A69E524AA1C3DFCDB9733B6F24FBF494A983
                                    SHA-256:D40D84E9BF8832D4E07C6F20B94E3C65779F5676250AB5CA2339B3DCBF0EC84D
                                    SHA-512:0811F17839C30C6E375D29A41D1B0F973A988F73D0E3433C70E96D71210E98EAED82AB0FFB9932F804F946F322F3EF05BB97B3A345BCB80648906F61C675ECEF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):36741
                                    Entropy (8bit):7.99573234379355
                                    Encrypted:true
                                    SSDEEP:768:BW6NdIsjO+mlsN5Eju86k+lC3KI1T2xshPQZpjmz6+psQtHml:BW68/lsNCjuT5MKI1K+BY06Oel
                                    MD5:C4A315EC291DE2F3F060B1EFF06F822C
                                    SHA1:0AC931648653F07C6853E0BA0DA03369AF79B228
                                    SHA-256:5514E5CDA485D604D5D175050276EB54BC537AC3EDBB7FA9BE6BDF14922F995A
                                    SHA-512:CEB7EB6FC34073C090C4DB6B3AAEAD2A52BCC8339903B7EA9458B65E63B77B002734E10270C2140DE9813C98CE7F7F7D5738BEAD2047D603934A5FBE130CCC1A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99457
                                    Entropy (8bit):7.998216605387722
                                    Encrypted:true
                                    SSDEEP:3072:oevBHKusW1xg1krVLPOuzHUg28+U9NdaXUHro:bBHKusMW1tujUrUXdaXUHE
                                    MD5:8BACDD58461F723850227630FEA68F61
                                    SHA1:33C75A0B8BD260F260090ABF8F25BF94A11ADA73
                                    SHA-256:79DF17693D9C2475D709983ABE3B900E751BD1E58964EE34BBE8EA916FA07CBB
                                    SHA-512:69D1D1E4563A8DE7E597249F5490517807A89CBA0E72AB07C70A75800A41CDF5B54923E0C0FAB27CCEBEA3B20999C09A0E0BEDD40218473E8C07D637EADEB5D8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32168
                                    Entropy (8bit):7.994435253905921
                                    Encrypted:true
                                    SSDEEP:768:BW6NE6olB/BmXzITGVePTRquaTG1vjNFKaVtKJWs08:BW6+RmD8rrjKqtKJWsx
                                    MD5:6C692AE84BE3FE987C5FC52FD5AEB9B1
                                    SHA1:FA422785D76A48DA99F731A0DB17478D7D142824
                                    SHA-256:16CFB08F9CC69C1ACDCE702214720F818686CFA9A42F3FF05526694564FFB431
                                    SHA-512:8D9C011936519483B04D6D1336D9BEA2272633BD550BF0DDB6033D06635EBF19DBA581D9FA8455A41BFA5DFC53D0171BFF7B692EC3750C21EF50D4C1F50B5A7C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100759
                                    Entropy (8bit):7.998386882859617
                                    Encrypted:true
                                    SSDEEP:1536:BW60OQKK6Rq8xEwZUzfHcm2bcKctvSRPCA0a9YdoB01M6mIRY59SkT8WNSQfUmfT:oJ8RqLrOwFdG/aeB01yIRIjoWgkVb
                                    MD5:A93213451F57225C3051FDC3A9A54D33
                                    SHA1:26642DDC5DEFDA68EE2E9C9048718FD09300A004
                                    SHA-256:685DD381523288E76ABE931E340D79A9A79AC66A0CFD1B320AB4273B856401E1
                                    SHA-512:E44E074ABED6EB5263BFC43A0DF6A9CD1738AB6B1D1A9E47157A32CE951C6BF5153FA3F253C1A7900FECA1F398F4C78A93B3D143E9CA2A243C88B2F0F566F8CD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):40041
                                    Entropy (8bit):7.995642545194862
                                    Encrypted:true
                                    SSDEEP:768:BW6NnnkxCV72G3/1QpBiVDe0q6v3NcQd8DHGIL2Zak50f8r7ix:BW6xqa/2B+ev6vS9SbakeL
                                    MD5:6B13FB595DF0775BD7DAB5C4EF1CF33F
                                    SHA1:87695667DEBEDEA6F532DE90211A139E43061DBB
                                    SHA-256:DF4BBEAF14D89508FCBFA0E5CC50513B07230AC9956F9B2EA0B03A815DDA6B3B
                                    SHA-512:1CF8B936012CE8B810109D0B346574BF7CE2B39554D2961DEB82B7AF0A4BCCACE3E88CFDFFAFFCDD75B2B58524B17CD8A9D865048ADA0A739F57EECDE61978E5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):93286
                                    Entropy (8bit):7.998129703606323
                                    Encrypted:true
                                    SSDEEP:1536:BW6Yq0PMa088aar1sa5V7Ps9xFtpPd+FdTHxjEf6xWwOJM11yZlbLAn:orq0PM4ar1saL7sxFtFdUZxQf60wOJMj
                                    MD5:1102C549BF4ACBE4400788190D6FAFE7
                                    SHA1:1625A297A43DBAFFB10C3F608D79E964C86039F8
                                    SHA-256:DAA3E8880F7B5A880F77D81700A439A5A64F59FF3E6B879BAD5CAA497AE3262B
                                    SHA-512:25537A6AC18D883FDB6A55E8B4BF08EE21C3E31006F618EF1B5FAB3042CF3B5CD234FBFA0D99E20B6713A5A441CD033B4F7C28C874288BD256DE016C6B8335B2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32829
                                    Entropy (8bit):7.994035272067815
                                    Encrypted:true
                                    SSDEEP:768:BW6NBXvNQv2HVaVV93algtK1sOFSbFhSTEMKT:BW67VBVaD93algtK1nFXS
                                    MD5:5A706F42F9089D7AA5E568D189BD1BCF
                                    SHA1:F03514F3496ADA198C372E2322F832F3FA177473
                                    SHA-256:DCA0BF36CA8F7107FDB544AB5EC0B0DBE0368EE867AA49C5DA83EFF03A8E1502
                                    SHA-512:C6B1D36BF229980B605B4253C87A4AC1F36D40F857FF13E08978C764606696D2F05F99B5D5471DA71111B046611E796076C49B4510C4D69D904CB2BC652BB345
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):63980
                                    Entropy (8bit):7.997454343210385
                                    Encrypted:true
                                    SSDEEP:1536:BW6uQa7kqzEk9NIgRdJQxSdbRiLiW9RoLyCWjkL5YKG:oDQvqzEk9NIuRbRi2a8kGG
                                    MD5:1CA74733AE8ABBD526A623D582E90A86
                                    SHA1:260FEF5EF8B976E4F4AFC691A68F234042B4CD9A
                                    SHA-256:F717F00037738CA385C9AE1B3E037E0625E85FC98C8DE173DBF7AB7022890D2F
                                    SHA-512:B1AA1F49CD32BE6D3F7BBE786A58B784EC12F04A80723542A9C4BE8E46D7CCE3A71E5D680739B799786B2E29623CD81440697A2DFEBA9E84216B796342EF4AE3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):42326
                                    Entropy (8bit):7.9961938809961035
                                    Encrypted:true
                                    SSDEEP:768:BW6NLQQa7c7qzEkQF2N2HxkNfRdcni5QNFVw5yv5aB2YsjpSU2/y5JMTPQokRgmi:BW6uQa7kqzEk9NIgRdJQxwQv5sMjp4yw
                                    MD5:E9FC5502E223B097FA82863E38696042
                                    SHA1:E9080049C173BFE988B52BFB2B282FF0ADB31653
                                    SHA-256:3EFD7525C6E1C07381ADC32A22B66EF88C64FF2E435685017E2496E6DE679537
                                    SHA-512:E34A02590B00F8E0D0B752C8915AF3EA8C3977CF5D7649B13EB905E17CE1BCA8BC4A0B8BCF0D638C1A87574967CA911FE644321A2A5F930CF320240193EF235A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):98017
                                    Entropy (8bit):7.9982280992744155
                                    Encrypted:true
                                    SSDEEP:1536:BW6bKwZty86+ddw8GtnmjXy5UXfrVwuhLnT7vsyH7019PlMmX8N6z0WNumZKnzrN:oivpbGBPCV3jT70yH7019dMK8N6zrug2
                                    MD5:521EA1C6299FE47C3B8F46983A5F5F98
                                    SHA1:0CB2134FDFF277C7E673C7AAC0776DF32B81315A
                                    SHA-256:96DE6B919F013279A734B5227AE3338C63E18EF48C9C5994F9BA4856A53C52EC
                                    SHA-512:B3247B01D56B42DE678617C6B034FB28D753BD11BE374161ACFC85A8D407C898D57DFE72CAB97CD1E0DFD6728732D71358B8B8E1F7F022F1507F75618EA0C157
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):37706
                                    Entropy (8bit):7.995482814550673
                                    Encrypted:true
                                    SSDEEP:768:BW6N6Sm2VBZlYuqrq08AqILNc9asm3sAdnRlyPIHH/DMP:BW6Jm8HlYuqm0e2NTsosAdnJr6
                                    MD5:7BD0788C2A434C64645AB556C23A14BF
                                    SHA1:457BF437B71E509C067F9CA989F06507B36C7D41
                                    SHA-256:64074ED1669C55D065ACC85368F2BD1CEE2CC99A0DEF52DED9FEE6AF4B03E9A1
                                    SHA-512:535CABFB8E76FC86CE01E0C7AF284C49CC906C8C2C20FDCB567C8F198D913B41980C528E8C12B1AE18D76DB65E4353D76FBD7B260544539197D35CE7161631AD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):53037
                                    Entropy (8bit):7.996873678733814
                                    Encrypted:true
                                    SSDEEP:768:BW6NA4KWz3oik5y3UcX52+LgquI5dv/Hxg+kzQqkq9qIrk/wXjmvkMcrbDGOh8c:BW6nKaoJy3352+p5dSHpqojmvNwZ8c
                                    MD5:7DC228BB1FB3CCFC2A310127002336EB
                                    SHA1:D8B6ECD339DC0286DEC5CD9EF5211849AF3B56AC
                                    SHA-256:4C3198AB4B08000E629C09B7C8CF396477C67136156FB0335D6BD09749D1AF0C
                                    SHA-512:711A83B7B03D07131D1500B8941A7DF06695186AA7871D461C01160EC55B7BDD5B9C80A9175B59CB1E89CBD2CDB59CFE8C45B45F1D12F3AA44AF7812F755F154
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31189
                                    Entropy (8bit):7.994281553790379
                                    Encrypted:true
                                    SSDEEP:768:BW6N6GF0a5kjHtVUFLBwiFwBsfmV6dV2e29OQoQnx:BW6FF95kj/UpfejQdV2e2YQ1nx
                                    MD5:45DBEEB0F96E14C59F803893BD7746E7
                                    SHA1:A02C2C8B1394E30B8D22B1A7941D510EF17CC7D3
                                    SHA-256:4D8E74DD8F673A15AE145743B068776EA448DB5C5BA3998AA52284EE7CA0E49E
                                    SHA-512:7D6B2CB69F7B8177410D415DA23F9187DC8BA9E4710847A77799249221A7E61A30F1A07E5971B6D6FE1506DC7CB8A2E46D4FAC338905A3F129A7D2514F9DF67C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):98416
                                    Entropy (8bit):7.99821113686373
                                    Encrypted:true
                                    SSDEEP:1536:BW6r3JOrGfAQmGi8dFZNWZhY20Qn88JROOmjjGuiXbRq2+FEHNSijyUi3Jh5dQZj:ok3JpcOWZjHXkuuMRq2+Ojy93sx
                                    MD5:C0D13EA141E94E3B4C3B46379BC86F2D
                                    SHA1:D2F48AE05CBB726F2428E4ED7B3524954745932B
                                    SHA-256:AB6FD893CFA08AD52384D6EE973A065BFEF0A9031B166B776CFEA50E82BEF86E
                                    SHA-512:DD1F2E8A6277DE2358CAA109504C696576A70E01A04E447D7FD720CD19D83EAF6B39D1DA0F1542697AF7D0AC9046A3D09E1E00BA0A33F4C85F1EFF230421C1CC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32641
                                    Entropy (8bit):7.994716793370817
                                    Encrypted:true
                                    SSDEEP:768:BW6NCOggLFFiSgWEJEFkM84MP6zbHqIdrlPtBskaz0Qo8ME:BW6TKAxOGOIhllBsXGk
                                    MD5:E88B3293685B5BD4921F00B41181F2B0
                                    SHA1:465E6B6356B6DEBE9AEFD74AF6EF2E482D1A7459
                                    SHA-256:C215E0660D9D639C4815C9E21033CAE69A2B3640F713FBD131983E049AC12B0D
                                    SHA-512:F3ACAA0D303CC7F16FF83DA358AC905E6E8545D59097216CB9C9749F4BF6D3C6BD10731EA381CF2EA48A280EA48CB387629E19248C1E4927CAFD33799B5BC1EA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):107963
                                    Entropy (8bit):7.998383266675414
                                    Encrypted:true
                                    SSDEEP:3072:orlF3F4IMAjjWsL6V2RpsNDJ33lblD7a+dDZWQVxztybt:glb4IMAfb6V+EDJFbN7jrx2t
                                    MD5:2C0C638204B7B944014072E9BD661C2E
                                    SHA1:0DB79474902F51D17F4B759ECC9B8832D010C95E
                                    SHA-256:152C8CEBCE73C59ADFF0CB6AF008E4FACF0645F48A23BB39284A322789515C4C
                                    SHA-512:5FED045ACC6798F22303475600F0A8A14232EE1A1B16A6A08A1AE02BCB1B51A1EE98F49563196289C90F6CE08F18453473BA974A7B5E0DB67B676447E4F4706A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):40990
                                    Entropy (8bit):7.995348789067283
                                    Encrypted:true
                                    SSDEEP:768:BW6NYJjINNX/HWigAIDxhD18g20LVLDFyvWLeRkJxa7WdqNFnKbYl45ZHQ9:BW6QjIvX/j+DxhDL0vWqR4uWtEl4LHg
                                    MD5:543591DCBA79B507C11B753FDD53D763
                                    SHA1:2857BC187AE459798602C1934DD5CB8D0AD1A38C
                                    SHA-256:836B6F24C024DB7707C7305AA84A15B2225E6ADB4470D26B3112FA8FA87197A0
                                    SHA-512:45597AD2995C6279145EABC6720AA36ED5288FDA7C09DFAE160EDADDF6EF40A895415E9E9515469A228CEB12DF5E01614C078D57A10D47E62FAA4D8685FCDB19
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):96113
                                    Entropy (8bit):7.998130790714943
                                    Encrypted:true
                                    SSDEEP:1536:BW6HF9pfWVCSg8i3ClEmOZ5B5rDTIxJl0vyJcTdsOfX9pwnk3OLrh5:o8F9p8CSghSlfsB5XTkJFir/L8k3O3
                                    MD5:7C68CFB5F5AF152F8D9C45C83968F9E5
                                    SHA1:CF14E3B400F43071E3611D692E50B43B5E7FB0BA
                                    SHA-256:68A83A6DEFE3F339E116965863EF4C536D61503DD87F6ACB3C1ECB18B716821B
                                    SHA-512:CE30831FC5C2280BE067D6F1C51CC739B9E1CC152C8296E439C055E817C408C8CABB621A6B0E1D86858C9214E6929C5EF39A910663FABEC5199B81297A9587C9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):35504
                                    Entropy (8bit):7.995373807133793
                                    Encrypted:true
                                    SSDEEP:768:BW6Nb1X9c/jyps46MdwPtxJBAwLGDIJIvQiDHqyAYL7sH5f7duO38Tbz02PZ:BW6F1Nc/jyCfMdCxJTLG8IvQ4HH9If5Q
                                    MD5:737A1374A5503F702CD7BEFFB402D3D2
                                    SHA1:1A780B0A10595593080718EE112922ADFD48F6D9
                                    SHA-256:9B18FDD03F15144E86DF6AE41BF04793AC713BCE12155D2AE55274CAC80093CA
                                    SHA-512:E47A9153566D17BC20E6E69DEB7702AECC8D6BDE75674616AB00F64B43F363E8ADDA42B09B663E398FAED5CF6920D18F5BDF9D757A5F438C39C6CC87D353E215
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):103242
                                    Entropy (8bit):7.998070019674833
                                    Encrypted:true
                                    SSDEEP:3072:obI5molIWlq0BxiLaYx78MBN90hU7gPqarJL7A:/soKWlHB3sgMl0hU7qqarJA
                                    MD5:C0300FC156DB04F541F7ED73F9FDBF8D
                                    SHA1:5F832818E0F6B3FB867132B3029DF65846D2DA7B
                                    SHA-256:363F0AC6CBCA8A470E1974AB22630E5CEA1862260136681E890D9DB5FAF8F6CD
                                    SHA-512:08F3E05C60680BFA8E2F9A01C10DDB1BC8A811022FA30E8E4F85288C630384737DF2A50F431725142D7E6C3CEB379CB8098E0C7E53BDB510A2C2F01A229284C3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):51985
                                    Entropy (8bit):7.996722146000946
                                    Encrypted:true
                                    SSDEEP:1536:BW6JL+upCfhsjQCT+k8aXj5wnH4P4Yb2PNr9PDKNSc5A:oG+xfhfC6EtAZYb8NFDjcO
                                    MD5:6F3F2AB7AFE7A02426C29B531A1E2059
                                    SHA1:4DC70B7C61290ACDA9018EB6CC232B5FF1489B90
                                    SHA-256:BAE2F04E13BF7FC6E3E17C37B5DB13A227A9F4FA715E1B4A854A836FF549DDE2
                                    SHA-512:D4D1FBE47907FAE1A9E8B574D8024BCF447BDD40AD31C59044A9DB1E76A66694674FF8CC2941610F70A2ED8B856CBC8F2C58F287F6EEB7204DF6212F3D3305E3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):35504
                                    Entropy (8bit):7.9954059317529005
                                    Encrypted:true
                                    SSDEEP:768:BW6NQoNJKDsIp65+iKvPZhaUnSgIt+Gng9DuwX1cpsrh3RqfXacIS:BW6+oXTHeTaUnSFDn09X1CuRqfXau
                                    MD5:BCC3E81F72C645434C9481A2116C60C0
                                    SHA1:292C7B2855A68CD0D73A1463E2BB813D35545828
                                    SHA-256:D9F8F7214FBAB1A34E05A598294A8334D349805E6769055BE2156A9DD0B6DABC
                                    SHA-512:E7C33B0A9A1241831B16AE67852077F3B33B7981606BE961D8468426F6B74C3CB0350E714DA3FD9648F17F679049E6E55AD7C50D28AD1B466E3395B914E660A0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):105116
                                    Entropy (8bit):7.998285268709793
                                    Encrypted:true
                                    SSDEEP:1536:BW6xUV3Pu+H8iG2VSSR46tZRW4paQXjxOSbIdzsEJ2D+BE9SlIUry3Hrs2lf0UJY:oYUVJG2nDTIIaD2kzrE+BDn+Xrs2HBK
                                    MD5:FCFC417613F8478F23B9C140BB23F4A7
                                    SHA1:E7E01B23F7676D2C0800010306E7361532B9B71A
                                    SHA-256:C97DEC1EC391C52D9A46BBB89E5930E9AE550D7052C143C5FB682ED713DE2211
                                    SHA-512:EDE0D546287D8EAAF4BC12A094F568B3B9DBDE21C29729A387F6DBE482EDF013A7C9757DAD7B71B392A0BF3342C0DFD134AF01F36D9B02DBAB292A05FACB7EAB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):37229
                                    Entropy (8bit):7.994543928422013
                                    Encrypted:true
                                    SSDEEP:768:BW6NJKtpB5oVnsUMBcDf3fRZV6ioyxr1nThx+B0LZssfebqc:BW6Xs5EsFcjV6Ny/hDLZssBc
                                    MD5:6C2BC1DA0BBABB0DF6F041BA937A20B5
                                    SHA1:CF937FE32F3547B7DC36BB5CAA1A6935F6EBF96D
                                    SHA-256:123F6347C23DB951962166C5FAC65FA4807E2A1167143608A9701E8485CD903E
                                    SHA-512:E1A805EC88FCD9AC15F420E3A766A9ED41D57D8BFD104C9D4326D3C4EF91D56B5985A7971FAA36879C5315F1060E301609D2E217FF6AEEF1CF27E5EC51D08D12
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100022
                                    Entropy (8bit):7.9981863880802235
                                    Encrypted:true
                                    SSDEEP:3072:okH6QTNR1VHEgWRq521huDxmFscVDWzsO:WKrNW71WTcVDA5
                                    MD5:6E48EF4B588D5002062771F83B511CA0
                                    SHA1:F62D62F9EA643704E4265A5765157743FCE5B794
                                    SHA-256:CADB718A410A980F1AF13CA8A1036CB2F39D7D4FC9950C87835C4EA52096AB0B
                                    SHA-512:DEAED369CC05F5B4AE8890D9900F1A5F20501EF53B3938C32E9EACEA943C7F30AD544642D07BAE679B8E842595EB4C2F20ECE442075A77024CFCAF00740CF117
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31714
                                    Entropy (8bit):7.993413464931367
                                    Encrypted:true
                                    SSDEEP:768:BW6NmHGlxxDckhL+OHikgd6UsbsZf9VD4+1BvnZYr4zN:BW6oGlgCL+msPZfo+bZYra
                                    MD5:49B41606048FB6579B5C827AD76BEFA0
                                    SHA1:3F7576EEB4DF5F05CEEF96F4987B94D3BB539A5D
                                    SHA-256:973FA4E3E481F20E7EC967C2E187BBC36190855B23863395672AB3BA273E2619
                                    SHA-512:96206542B22540982A0A9B485140541B9A5368CEC77FBA126C5BDF8FBA223015C44157E1A77E15D936C4B86E94CC9017D1A58682F73EDBFB5C438FB496416321
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100086
                                    Entropy (8bit):7.9982240430769815
                                    Encrypted:true
                                    SSDEEP:3072:onIwmSjknvnvYoANpvMQ1gM9zvMsPxZxBV56r:mmSjqnH0v/gM1M07V56r
                                    MD5:ED55D55ACBF2BC589FF4137F91BA917B
                                    SHA1:1DD3FF5BB16B506456E25715D3DC3AA46DDB1794
                                    SHA-256:B45B6C087B04A99B7E0B08ACA4D8A3669E195670F9EBE3B8296EAF06D54EBCB4
                                    SHA-512:5FED35382747A4C24766338C8E976C656F407DBC24BFBFE8AD18780598E64AA1D2793C21282ECA0535A14DF2F993C4090D54789B018C0449E1E7BC5373B2F935
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32338
                                    Entropy (8bit):7.994565423368479
                                    Encrypted:true
                                    SSDEEP:768:BW6Nz95veaYU+eg/V6ohlSRbwqxXofCVY4akXEr1hCpF19ed:BW6XpeG7uY8qxXsAXdpUd
                                    MD5:DC6D00260945F7978A7BBB54898ABDE8
                                    SHA1:27626BCB0CD95894877A0F8EAC9F4849AD9A0C08
                                    SHA-256:5973EA970E87174BE790CF7920EF106E8826927C68A3932176EC83D9FC845BE2
                                    SHA-512:344AD352CA33C033AA50E14C6266DA2BED5C2DCD3E021B0C443C0309480D8AD976584C0A6645B37DAD5A32FADB978638D80ECEFA2ABDFDDCDC4CBE820175810B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):79783
                                    Entropy (8bit):7.997670760162676
                                    Encrypted:true
                                    SSDEEP:1536:WBQAJjVqofoqwPb0C+loboSvZZcDZ7RPwvj25ED1I8qgUdlo8nyJTz1VxRH5IXm:W28xlwPICbhvTEUJ1K1nyhbH5cm
                                    MD5:FC6CB03ADBADE81946405E3B8CD984ED
                                    SHA1:E3F9564E9022B7BA796E8459E37EAEE3093E4FA2
                                    SHA-256:BBCBDFB17B6F8A56A676C6AAEE166C8826EBE29AC602D40797A8D8584567FB2F
                                    SHA-512:A94E2B53283E8FF4F9FE55606FB1566952927AC09A8FFCA62AA42576FDA20753C6D69E3E74CDF4EF1A0C2A8C891F433252C1397FBD098F60E9CECB1DA1A69CA9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):43734
                                    Entropy (8bit):7.995729472063912
                                    Encrypted:true
                                    SSDEEP:768:bPsad8CFhXLcC2PgGAPaxVRO1zc333+U7LIy2EvnodBd3Yakf2oVqgm0iLI8591q:tO8hXLcC24PasG+KJodBlkuZb5jq
                                    MD5:B8CB9F8CFE0B2CF1D2A3DB4BCBE3877B
                                    SHA1:57E4BF0B0525A2E3D65402662D26739972CBD754
                                    SHA-256:DFC17DA79A4411615DA5A92EA9038BAAC4061C2A200BCD98BB7BF325DDC2BB50
                                    SHA-512:404188F0AF8F0105BDF7C265A46ECD142DD5A05F2956EE13402740981FE9E5652A755126EBF4F89D036EDF763B11D86DCBE9E64FCEFCE83DCEE7E59954053432
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99037
                                    Entropy (8bit):7.997888245921803
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):38199
                                    Entropy (8bit):7.994828083625625
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99251
                                    Entropy (8bit):7.998066777711538
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33097
                                    Entropy (8bit):7.994609982490262
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):102051
                                    Entropy (8bit):7.998156418187762
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):34219
                                    Entropy (8bit):7.995028541539741
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):102368
                                    Entropy (8bit):7.998287814737377
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):34956
                                    Entropy (8bit):7.99390210191762
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100625
                                    Entropy (8bit):7.998258836304681
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33039
                                    Entropy (8bit):7.994125857127421
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):98042
                                    Entropy (8bit):7.998232771168422
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):30982
                                    Entropy (8bit):7.9936602257846285
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100840
                                    Entropy (8bit):7.998100994292755
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33061
                                    Entropy (8bit):7.994303843711856
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):101881
                                    Entropy (8bit):7.99851186478424
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):36152
                                    Entropy (8bit):7.994665199756768
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):106388
                                    Entropy (8bit):7.998355984294275
                                    Encrypted:true
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):39585
                                    Entropy (8bit):7.9960939395156245
                                    Encrypted:true
                                    SSDEEP:768:BW6NFGFd4QWyWse5zIJX/0Na7USo10TT4Od6lGD9raH5L1sPklLfoN+C:BW6SFdlIzMP0NfSsGTrd60prm5L1L2Nh
                                    MD5:C2E464DDD469ED66377B1D87DAF374E9
                                    SHA1:872D185AC8B901066A18363671F5CF82577D343D
                                    SHA-256:B8B6885914A26B0783B641F8FBCAAF2B9AB77DA95052ADCA3D72AC8A2D85275A
                                    SHA-512:C95D062EB5A071342911C5A9DC504054FD449AD1DF0E12A7407A88829D2A8CC66D552536E3185A4627B1A6BDD2F3ED9718653C67874791E27D9DDD5A8EA7F6C9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):100537
                                    Entropy (8bit):7.9980900812264775
                                    Encrypted:true
                                    SSDEEP:1536:BW6jkgvEOKgj31aCxB7AgOUNEBaBAFdl52UD9uVwwIZpxtYeoyMIvWZLdy:oW3tKgtxBM8jAFdO+9uVwwIptYoM7Hy
                                    MD5:F073FEC496AC5960CD531E513B582CC9
                                    SHA1:452E711982ED3EEFC4DAC87D35168FB71BAE072B
                                    SHA-256:C0177D09026E291B5D9AB07270EB11AF84E803035EF40AB3E049C5A6222B608A
                                    SHA-512:F817FDCA3208C4C0773F4AA85607B0CA8EC17DDEA8669CDE8DB791A156E2D8FA0E2948B7CDF9AB50D2CCCB0013C59B4EA289A284199F084B95F5F361C33A9FC6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33474
                                    Entropy (8bit):7.993793390704863
                                    Encrypted:true
                                    SSDEEP:768:BW6NulOXTDacv8T8j9H89dag3n6/xbqYWtdtOBvSt2UHQ+NZAk:BW66OXHLU8jV89LUPWBt2UHbNZj
                                    MD5:CC1DF6047E4681437B87702D383BBD98
                                    SHA1:D92EE9749E6A0ADCA26B5BE52995528159BD153F
                                    SHA-256:21F765962B28615E8AC9FA0E54D71B14E85A44726B2EF67D8A2C8B0B1D800A34
                                    SHA-512:F40F9D13125CB716A92172DF40DDAC2D0296C80701B25115E79E07E1F9157343ECBB981264D63CDA2C53555F661F4EF4350250D9768760F05339D1D48E2AB42D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):94068
                                    Entropy (8bit):7.997730230347179
                                    Encrypted:true
                                    SSDEEP:1536:BW6avOkNbLnegxT6Qa8DWEFkBFRHZPAkvWCeIqmoFM2wVLKcThJ:o+k4gcGioe5Pzv1eIqm21QLKcFJ
                                    MD5:52DBFE44F46C542099A53306A1E20721
                                    SHA1:6AD3B8DE484520F4B35AFAEF79380BA16038EDC2
                                    SHA-256:E828D0D534098273B0F77F37A95A07F1451D0F594902F34768337AD2C381EB17
                                    SHA-512:88E1ACB045F826CC7D94197D52CEF676A6B52AAB8CC4FF814867C329D8FB0158DCF0C855B1ADAC4E9E44C7A62D27431B94A1E6BC58086C0144F7C1816C6BD71B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):27801
                                    Entropy (8bit):7.993413795984102
                                    Encrypted:true
                                    SSDEEP:768:BW6Nw/Q/zvpl32Cp/vaiQLt4YCfocDu0jlVCNMQm2KUPQOknsx:BW6uyzvpl3BJQR+focTlcNXmh5OCI
                                    MD5:87AF00A1137B5F8D1E68C3BF739A5BC1
                                    SHA1:0B46C8C6819134DEC64A985278517738F89856AE
                                    SHA-256:86D5C6999F042D4ED076DB76B6F24FD94B462A88AB146922CAD236DFC6DD1C8B
                                    SHA-512:9397360C7A294CC9DB1D84266F90F6E81E42FBAF93B1531203385637DF53DC9696CE7EA024D690C5D09D025C964210EBE91D8CDFD70C34A87944E5B6DC3D3044
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99074
                                    Entropy (8bit):7.998093404053396
                                    Encrypted:true
                                    SSDEEP:3072:ouvF/yBobA2DKdpveu2SzyIH7FU7yNAZC:oWbApdpmY9WXZC
                                    MD5:AA3B049417B78B1453B7F83A8840704D
                                    SHA1:D51ED06C114F7C6DDF4EB95BEC14BF84631DBE41
                                    SHA-256:5DE3E13B34DD3AAF6B4732C189D9AA396EA672A53B6D39638D7B13BFB25A11FD
                                    SHA-512:4ECA3C30079B880DD4A41E28836E14EDD316AF69F8DBBF3680702933F57B461B2164C1DC11395D28F81B56507BCA49A2119D8A61DA18966CD685E36E489951EF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31845
                                    Entropy (8bit):7.994830977471325
                                    Encrypted:true
                                    SSDEEP:768:BW6NXTsdEv2rxnAUAJYb/Kqj8JZjbZsLbBn:BW6ds/rKUUSCqjmZjbeLN
                                    MD5:AE721CD59DF67789B72FE5FEBC3903F3
                                    SHA1:A1AC6F678715E98E6DC412E3B06BF9556181B4D3
                                    SHA-256:929295B2FDDF474A277B72791FDAE5F9E606C37C6EA553B45ADDF0558A0F89F7
                                    SHA-512:EBFA7BDE6E57B6FB5BF114E92E2CCB71963D8B5520F386350F2C576B0A5F6A70F7CE477341852BD79140A0BD07969DF91FC02834FD837A64DD08510F4F1752A1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):53792
                                    Entropy (8bit):7.996398865809003
                                    Encrypted:true
                                    SSDEEP:1536:BW63wQHGB+Ee6ignaq2v0MZe+/OjwqHhWDNuy:oOwQHw7e6ba/HBWjxQhn
                                    MD5:E5BE9FE9FC69D4CA4FAE3E164BEEF8F7
                                    SHA1:4240C824C6D42D0E2804BEFE78B12FF6DD441E31
                                    SHA-256:B8058CB5EB9C0B765F5A278B8CBF144536150FACF37BD79E4837BA2AD0DEA629
                                    SHA-512:6F01667CEF0BD072A72B07217B21E5BF6A14AFD3212A17BB106F69F3F479D3788CF928A0A87A71975945B78D9C8B6A2D423B31DC1EDC28B68AABC62F4562F713
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31813
                                    Entropy (8bit):7.994070863700724
                                    Encrypted:true
                                    SSDEEP:768:BW6NC8gc37E+Q7Ia3g5fzgXwcMrcgFcKeMLlwWExwP/BC:BW6jzrQEaQ5f8grI3KeQlwWuwP/Q
                                    MD5:48CA22EB8386290DFD54E8C474879B52
                                    SHA1:311CE04FD8D3C5ACD3BFA13BB3024116F653249C
                                    SHA-256:3C52B3127BDCF7C2AF11243F0A51DD46FC4A8BF458C8C6FA109EA3F92A60534C
                                    SHA-512:7EB4E12727F50E75410F9986238B69274C2091E30BFC49459738D93B3CC19E54432C934E121A4656DB114D021BC8DF3A3E388D5755A3D0D583FBF77081E49F7A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):103785
                                    Entropy (8bit):7.998154804983971
                                    Encrypted:true
                                    SSDEEP:1536:Z3LmKk9efPMQ8014sMlerA6hmOGcpx9/jz8Uf3OxCOurgcrPZ5lBWz1ZWEb5:Z3bFMQ8eMSx9vVuCNkMzBG7Wy5
                                    MD5:FDCDBBBAEE3059F45AFE1563E6CBBFA1
                                    SHA1:070C618BD94A68CBBEF90A7881613374B10188D0
                                    SHA-256:14B18605E1084E969EB0FD796C07FD885ADA907947291AF17997DC91513E4DD5
                                    SHA-512:97DD90D5317B04B825BA3D47F2083155441DE41F23B077D64DD98871C55EDF01C9BCA64F593DC1CB54B7A956551C76E6BF35A0167BE061B9E5B0781BFF22BC84
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33413
                                    Entropy (8bit):7.994738128765888
                                    Encrypted:true
                                    SSDEEP:768:byWV4zwDjLTC/6c32Cew4cflNwBEm+AnBLB3TO3Kxj:YwD3TC/JGNw4MlNwDNBVC6h
                                    MD5:CEC8262AEAE454048A13FCEF64416666
                                    SHA1:48BF36FE244FC7300195796678D8D560032B718A
                                    SHA-256:BAD738A7A5E22A0B4DD9C6A440FF722D75B562F0D7E3052427EDE9F57BBC9EF6
                                    SHA-512:077E68C3C5EA91CAF3DA8EB91BF0A117CF83BB76CB57E4F54106D87A18D320478E4643CDC96C03CD9B94C6D10E7F79C87500DCBB0C639EF51959FFB38A7A2D0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):65702
                                    Entropy (8bit):7.997244020702617
                                    Encrypted:true
                                    SSDEEP:1536:QayRKcGIakNwN56RcUfoZHhn0t9fAIH8TBOg:oRKEak+N56RZoZNu7H81Og
                                    MD5:C6607EDBDDFB082E9BA6689D3AEA1E53
                                    SHA1:68FED24E716D40BBE87B8A0A34B19F6D8A78D151
                                    SHA-256:F082CAC36BBBA6DE1C63C117C7088EF6467471358ABCF0941686CDD7A87BFD3B
                                    SHA-512:6EEF8E376A5E21E4F0750D0849CA2C0AB76D77DCB69E21908F5B2A4BAB9911F4E2CC504C4CEE0DB2696F21B236712D3DF13DC74CD01522AE01C0677C497FD3A9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):87089
                                    Entropy (8bit):7.997443715084655
                                    Encrypted:true
                                    SSDEEP:1536:k8LUgVYfcS3/AvCcvyQ8FZPXYjkdzrMTfOEvXcc/KjRqVGeS5owgq1O:bxccSPmv/8FeodzAz+cCjRqfatgL
                                    MD5:9FB28A483FE0F6E313424ADC933F2018
                                    SHA1:D9A04488876058281DDB52E8CBCEE17E65FD38CD
                                    SHA-256:844CAE30A329226B37557F2A4F5E3EC39B9BA5668F0FD85535121D17EB05D051
                                    SHA-512:EF21FBAA9F5DA834F2A0996A2CDDE8E94CD061A25B11BA75A3FBD57A04BC01B6F315043058D4878FE0B7E751877D93A84441B7162ADA4B99AB93322FEE8B51DB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):19144
                                    Entropy (8bit):7.989739913507628
                                    Encrypted:false
                                    SSDEEP:384:1Fr1b+1SUYj7Jb4sSC/bydlgqaSMBYRy8dhzRuI27y8OYRMHfw:1/GSUYeH4qa7Yx27y8Yfw
                                    MD5:0CF5444E3F86C21B31BDE867F575EEAB
                                    SHA1:D81B7FB4178FDBD274DC36713A95B85F7B2CF260
                                    SHA-256:7C9437E6BCA2A03FB75E5EE49F4215BC96FC295FB0C2CA3311FB61559763B5EF
                                    SHA-512:D0F1DD79EF572E3BB3B01F454914957D7E2D80494FECC025286CE2A87AA8E370337D47EB8CDB85E7CDEA9D841C46BC4A9E1AC831B0DF1B32512B689EBC429F09
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):89125
                                    Entropy (8bit):7.998059583264308
                                    Encrypted:true
                                    SSDEEP:1536:3VbDgMEb5eSQUmNQnPmYBbU5/VqU1H1X1/1wenEm0IHEbd3pzDqBOot/8MVnW0YZ:3V5IjQnNiPmYxm/L1Z1wenEEEbj0p58F
                                    MD5:80D5F631C0C99F56A4F95A4398D5753F
                                    SHA1:A05A2BACCB9C0C2C412D83246FE2E8BAB03AE801
                                    SHA-256:9C67AABD5894663D4A71D7605753681861C4807A113E554ED5EFE3A6637B57F2
                                    SHA-512:D1E07976B24BF196E90CCA67178734EB01C704F40562FF62B735C4CFDA2606CB106345041876C7625ADE4737123DDD966FE4C7122A1033B08FC856F299B2C787
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):21103
                                    Entropy (8bit):7.99184395160347
                                    Encrypted:true
                                    SSDEEP:384:1FAWMNOXM3Le0eDPfrlvKhNHvbysE05FT2jBgf5HFzB5+gcJGaIlK2cN:1FMrLULlcHOiFTeKf4WM20
                                    MD5:7A962A158FAC54BEFD5EA4277A549457
                                    SHA1:414925688F195194FC8BF8363F75395EBFB6638E
                                    SHA-256:76EA5441F6A6D54B07B269CFEDB92802AE31C66ABDB1AF4FB9ADC822A5C56BB3
                                    SHA-512:626DB8B51CAF686AD08AE061E6AFD940A9B8304C5248E546D0425ED333673D1DA63897C75B68E06F015FC00DB0AD754364767FDF655EADA36C262D4DC0818E4C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):88703
                                    Entropy (8bit):7.997973191364328
                                    Encrypted:true
                                    SSDEEP:1536:X2F5d7zxnNLy771lej3gojuTSHXs0UlkBUkPk6pmP09dUJThvHSxsSM2el5uy5e2:GF/u1+3godXs0HMh09oYtOlCpc
                                    MD5:09A2E721F5EA3CBFCFF22795F16F2993
                                    SHA1:7355CEE712AAC2950EE8C053102397850D45D344
                                    SHA-256:5C3DE99CE2F7268683E4F0EEFB09D99A9AAE5706E9256423B699CDCE09E61AD1
                                    SHA-512:1813CDC3DFA2D3C9927F54A627269BC1917C043D3375D5FFFA4D3BF0885B25EE3273E0EF44B4EEB4437D59FA668EBFB6DF774E877F2B6ABB8EF0AE31F3FD48C8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):48402
                                    Entropy (8bit):7.996540920540757
                                    Encrypted:true
                                    SSDEEP:768:1E2I87KDVm7NIsqZONbp3jB0N4hu5/kXB2JuD5a3nPd6P94CTpb9Z0ITGcfRhl:mvqHqZoBjB0NBhAguDY3VS5Tpb91vZ
                                    MD5:A7D2B8EE72372223E3999DA4CB9CDE32
                                    SHA1:D52DD07B4A6172DC7F9F7DA46202431741D7C18F
                                    SHA-256:E79DE67FF0BF12E2D0AD1282A083FCB1A1DC2C71B8BE6773A70FA24F2BA79813
                                    SHA-512:163DF98E196B5565E5A1E7DB3EE40CB94BFFCF6110D17DE97E3B1CE4D818C99545FAD906E44EDFFCD6C7327E10952F01DF75EC90BE1971E9AD228077858AB5C7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):85952
                                    Entropy (8bit):7.997723746290305
                                    Encrypted:true
                                    SSDEEP:1536:C+uxy76lXk9ZBFLYZmJuPx8u6nkVj20LobXHK0xwrhXC89cQ5iIxloOXZMnwN6:C+mg6leZBJuPyu6nkVjzobaZSQFoOXZc
                                    MD5:1AB21C5CE52A3B96BDD9CEAD9FDF91F2
                                    SHA1:C9DFD5ED7BE1A3FBEC25E571A2DDA485661DC50C
                                    SHA-256:7A41283A414F42D601DBCC159237BAB46053F34E54617E5B5C46F71DEC29D35E
                                    SHA-512:A8E2EB103DCA9B0BFD293C84D7E8B13C610BD28ABE697327AF4C6FF1FE5D5B693DED1D2D5AC8F853F96A527903E9D77B021C0844418044125A06EF2CDBDD32A7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):66675
                                    Entropy (8bit):7.997200345251726
                                    Encrypted:true
                                    SSDEEP:1536:Zb5PfGKN+w1JgYWhXqYnMYsrhkLaLZjtGbEBd0sea5otHQqGrXi:ZNfGK7gFN2rhkLejqEB+ae6Xi
                                    MD5:BFF1266CB467298E1BF77139D09345E1
                                    SHA1:1FDD52F261E8A9B5FD57AF4EE2B8B7BB4EC99B7E
                                    SHA-256:A35D6A6DF0B4A1D66438B48317D31DF0926500CF03A439413B76C691559DD232
                                    SHA-512:ABD217D6A0FD94F20209CEDD9A0AF561CAD71DDEBC3B2D7BBB82BF0F9799D143489C9D312565871F29BD7DF54983F52A17F3F27562EAE7AAC8CCD487796C9D91
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):92378
                                    Entropy (8bit):7.99814110360773
                                    Encrypted:true
                                    SSDEEP:1536:tgnDfdhbCSGXIyETXN5YYY0JLgpaXw6Ued5488BBccIHkBrjAzcvO+z2onUmGa:tWXbCSGXtE9gpaXf4nB+HIrjAzcm+5UY
                                    MD5:2A8322657D20CCC866150BEBC9630AEB
                                    SHA1:083C0665D5F92BA9B9C0FA8ABD886FFDE99EA508
                                    SHA-256:BEF7BC80ADA71D2AD28950C5B2B291513E913B2A65A802CA0384E40759942274
                                    SHA-512:62B6E106F9E9C55FEB2A706C307005AD13B3C2D15A388088BECC34AEC3EF82D9F9E17E6AF75B5EBBCD3DAFF6EC22EAAAC240CE995B07495F251AFDEC13073A69
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):38466
                                    Entropy (8bit):7.995165443733207
                                    Encrypted:true
                                    SSDEEP:768:1/7cEIBwv+fMziSAhjeNhW5iJgAGXykYEZAA0vea6rosyz3sL36/:udfWA0Nhe4NA0veaBz8ru
                                    MD5:35EF6B79DA388875331B47C2EBC2F47E
                                    SHA1:C2600F156D2D9CB3A8B951A3C25D5C18BEE3B8B1
                                    SHA-256:3CBE601BE6588C29EC451529BA99FA9288EA2B9F06FAC2D9EA9FD2ABA17F8D2C
                                    SHA-512:86E6C72C1B197F91ADE214A0513936C1A46FB8FA26EDB03E2DA8967902EC76401BB613B3D2D987F77CF0692087AFCB01465BE5C1ACF67716757D69F4842A0DF2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):89262
                                    Entropy (8bit):7.99808539753097
                                    Encrypted:true
                                    SSDEEP:1536:SBDbRlbqNtRyZzp9wPK2yZEpbykFf1hyM272MsOvupyNi4DsuuYh9sG:QX2dCx2yZYbXFf1w1vfBDwe+G
                                    MD5:AB299939F803241F523C0CB4D6B4D0C4
                                    SHA1:1D76A8DE56E56BADD3488B9DE1C6FCB58FC65074
                                    SHA-256:A5433FC2217D43866965AC1DD3400E09C43E69CA465DF4CE11AF778E77DA24E0
                                    SHA-512:1338BE1CCC39312928A8048F3D813A90F521E10FE01DE2141F80894F4413E2A026C8981F5A896132D6A6592313C3166C5E4628D3681258AAE3499B5E2344C9B0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33470
                                    Entropy (8bit):7.993865224775696
                                    Encrypted:true
                                    SSDEEP:768:1xo/WOGzsaLDQvG62vPagGSteIjjdGq1tYY2LsLpEZ+i:eWOGzsaLDQO6WFtjMsRu
                                    MD5:A95E284BBDCDCC82138270A29DE31376
                                    SHA1:FB4EB3AF050A86CF27A27B092EA086BB52F5BE07
                                    SHA-256:F9A5A71B000D9057942813FC2A61D8D5CD2415F5B60E75A1928D4D38EFEDE15F
                                    SHA-512:4AC1E3354F5FC2596D39B9E1887F06193795214D569A178AE3B3E35CEB706D2BCC10615FC92F7629DE0763F9B6C79B2479444C37388504CBFF37882421699AE5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):90055
                                    Entropy (8bit):7.99800317558275
                                    Encrypted:true
                                    SSDEEP:1536:BW6/qkkUUtEvO438Xq3tgPDnDfNScYDrcjO5H/kNMPE7AEbFAtqWuV7y33:oykUUtEvMqCnfUcYDrf/Qv/8qWEq
                                    MD5:44ECC1328F59A8E238B7CC0875D8676B
                                    SHA1:B8E208314A05A58B4C634B65786EAB5396E0A163
                                    SHA-256:ADA56B7CA45E461C08E8B3DAF1D3B0139ABC31B05DAAC06655FA8A4064D8667C
                                    SHA-512:E45EF02ECE30F63442A37D8E118C8EA2173B007526F1A8A59EBEFBA73098DA0EB2E3672478FCA75B929EB1D93E91932E5BF9E5275E5F656CD1CCF1BB9B8DEE15
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):22440
                                    Entropy (8bit):7.991781976298273
                                    Encrypted:true
                                    SSDEEP:384:BW6NhjvQ1XoKt/0bGVsZ7aq5u2DGqEb/LBphHZn4pQgYuxAgdzBnw:BW6NhrQ1Xoq1sgxLqEbLBD3gz1dq
                                    MD5:B0972A8D56CC2BC157A681D59FB35966
                                    SHA1:A0D9AC2EABBC73D8F157C7E1468DFF204AED7F02
                                    SHA-256:B04C2BB17C93C9D202514E8E83FB557F7CDA9197D916A9E786EF3C0D517DC412
                                    SHA-512:9A1E42597A89728B842CEC70CAF81194BC4CCA368A97BA22EAA31F6AD4DE9EC24911839050D1369D5A270F45355CD4AFEDE8430C0FE74E486759524779052A04
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):67220
                                    Entropy (8bit):7.997347335105439
                                    Encrypted:true
                                    SSDEEP:768:/GvmDkgV28aGVFzQj5Cv9+AK56fF6rXil2n7twgeKw34bC3JfbuUv+nunPqEBXW1:bDJ2ifN1Wi2+bIbIJfbkAiCWoW+Vo
                                    MD5:96A7F4A0127F63C3C0E92CAE004872BB
                                    SHA1:2A29D093D630A89197C970238343FE059A21DA0E
                                    SHA-256:D4F25D5560A87CFA41C7024CA9D83837C96849DC5358DDF32506AA83BD8DBADB
                                    SHA-512:04705D238E5A40598690690DD0A3AC116A9202E9681BC06A15F0DD4E78F992C5B51DC429C9DC41845F5F0060213CB4742132C0E2F11A0CDE50FCD9C49C394B63
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):69227
                                    Entropy (8bit):7.9974693696866845
                                    Encrypted:true
                                    SSDEEP:1536:1hEm+ibgL9TUn0MBKAHof45Vcb20WOCCq9lTd+TXCX8:fP+ibgL9TQzBKAV5ybLWN9lTdee8
                                    MD5:1D2122AF5F67CBCAFBF8F79802E35D71
                                    SHA1:319750A85F6D0B2ECF72D811371558ABEA9966DA
                                    SHA-256:0315F9DE29ED2B40C9018E9444C6F3673DA980E5830A6D0198DCE76C1EC6B097
                                    SHA-512:A2072DE9C52FAF84F5A52DB3BA5E810B4A76D8A07AD07ABB7442B2881D9929A70FA2DD4AEEA04B765965A38BB6BDFE0499749AF1FB20DBB6CE9C0C733C871018
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99229
                                    Entropy (8bit):7.998172009274098
                                    Encrypted:true
                                    SSDEEP:3072:oB70QLzwr4HrXnZZkbBYb3MBPBaqALCGUtJJ:i7PLzweXnZCm3MFwqMWJ
                                    MD5:C02DCB97546872D163EFF9D291CDBFD3
                                    SHA1:0BDA89EA75167768D9A08A1FA6ED6E1CC686EFEB
                                    SHA-256:03D9526D1AEF606B1FA43C127E7B1141AA568FADE454C1C0060BB9C732E0B626
                                    SHA-512:66E748A8560A8A2AFEFFB5A176E463B6B0A3E45152E97ED6B2C3E72C616AEC3746D7B5AEB8F87EA97E657C47914680171D7F12FC2221D6D2173533EEB2B45AA3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):31788
                                    Entropy (8bit):7.994731967225481
                                    Encrypted:true
                                    SSDEEP:768:BW6N6D8t1j8MyZVPL7+dbD1VZMufi2LGxwxt7tno4moX:BW64YtBy21UQisGxwxtRGS
                                    MD5:7ACBE69D3B767E94BD59B48104364992
                                    SHA1:647C91290222513C2AB94FFB8A36F70FEFF265B6
                                    SHA-256:593CD5BA79A489C4388809E17EBCB32AF9B10EBC33C895955E13A06CE8F48C43
                                    SHA-512:EE5D2EF06A22F741167A5BEB219678BE65B9BFF4F258F0BDEC587DD9A1ACEDED199485B4664C9B870775B105AAB08916DD8FB36912C978030E55EE5A66B38648
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):97511
                                    Entropy (8bit):7.998029934840964
                                    Encrypted:true
                                    SSDEEP:1536:BW6YRAslfDTP4mykxKthRKjv4UCAnhfIMHsIeIVmwRXuZBDej5l7ahUn70N2x9Ro:oesl77DAhBzmRIGsWR8FejX4i9ib
                                    MD5:53BFA45DC4DF8F99473480A954EF3981
                                    SHA1:53A74C7CF7AD41FABB4609C7EEB5BC3428B55B1F
                                    SHA-256:A0F2039554A03DB416709C08D36012CBF5A8EA313C258A58B7EF43DC947A1AAA
                                    SHA-512:86E390863EF48232BE511B1035A0B58888EE25FF708C659DB94562DEF0EF6B4A1907EDB00287612DF4F91A13647D9471FC0ACF092E225A009EB9ABC38D4B0A44
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):30258
                                    Entropy (8bit):7.994163063127342
                                    Encrypted:true
                                    SSDEEP:768:BW6NiqLRJ1pIsEine4QTOvc8k2VIx3b+mUZhFs/eZ:BW6gqHjEjavc/ZsFh
                                    MD5:F2320A86A314A2B869E484BE85AA6DA2
                                    SHA1:E4DD98178CC70A9C3861BE10539DD9EE44797F0E
                                    SHA-256:C0908DBA50A0B348646C7D12E7C2E247EFB76807C7DDB8911E9D4A354ECFD320
                                    SHA-512:D9C5D20CFC30A1C476B7C75549CE328A8E0DB273BE7D95AAA3682EE9B2B9D5F99FFF38D0B1DEA610B39B22B4B6AD76ADE47E164536D13BB12DAF6D0316BB8C57
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):43405
                                    Entropy (8bit):7.995486194210034
                                    Encrypted:true
                                    SSDEEP:768:BW6N6duWjixltgJ/YtP0CFdNOek7IsT/KsQc7T5sFYBGdqxWMl6NPjAu:BW6UdAxltw0TNOt1T5kNdQWMENPj5
                                    MD5:038BD3AFC1C645309EA2AC8241FAEA4E
                                    SHA1:5994BCD83A0FFC73AC95C04E72A760E0CDE69AAA
                                    SHA-256:62EA1884D2CA67157D5B5706EA9ECB04CEAC87EE43C6F776849075D6EF77558C
                                    SHA-512:4EE4834975DCB18F0752FF82FE22E0E72BB658FA210088F8D29C7AE6BB0DDFC4D3CE624CD4CAE777429B32CA63997EFBAED87457A599D315C2314B6360E3C2B4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):59084
                                    Entropy (8bit):7.997061813185959
                                    Encrypted:true
                                    SSDEEP:1536:BW6sdKNDauCui6bsn6ueXzMDGMw5AuOGt1K2qyuqdMUgOlKSo:oFdA+uzbTWwoGt1Hv3o
                                    MD5:EA95C5772F569691D94170C70962F47F
                                    SHA1:BC6FE7868B681FF643C78F7B02B2C79A7FF6D53E
                                    SHA-256:2F47E1C26AD874F6D7DB789195A379A6C48F0FD6C29CFE074A1B5EC5ECE975D5
                                    SHA-512:6475BDA81B9E27E6873794DDDF6118E36F7B7F5E47CECD682C078746B9ADDA5BDDBE8CAC63E794A0E63B3F1E53D946B70B0128795AD1B134D26D2246F19BCC41
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):81522
                                    Entropy (8bit):7.997658728209986
                                    Encrypted:true
                                    SSDEEP:1536:b3X4cXIoB/iOrydkB5xlW5mYiUBse73BnDPO/tGVI0zfJrNcO:zX4cJ7ydkB5mS8sm3BDG/0I0xcO
                                    MD5:C73202DDFB9FFDD67A33F1DACAB45698
                                    SHA1:64A4CF5CF5F44FEDA94DC39598D72A87E822AA90
                                    SHA-256:4605673AD3A8E30731A88C0AC09350B4691D6FFA035F7780213AA43A52625B1D
                                    SHA-512:A2FBAB8F0EF496286D83C915427021D393E5709C00244B051AD9785B028919FE8EC5A96E40597A94C95A79658F90229E59379FCDF4255AAE8C22706033D0BD2E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):54271
                                    Entropy (8bit):7.996154467203659
                                    Encrypted:true
                                    SSDEEP:1536:Fx0Avzenzqjc78VS55Sd5qd8S+OGQW6ilB:7FLezqjcAGoFL9
                                    MD5:4FC8540FBF4E3AFA2840D25A9DF316B8
                                    SHA1:7ADBF3A7037653B3637F71D5A69F70FA70472F75
                                    SHA-256:CADFBABCC733FADE8DE7BDC91873D8239FC277DA329E367347F6698DB7E7084D
                                    SHA-512:A2273FF865274AF535E6688DA69DB520E85EC60BD02036E8C1E278F33F85F093764B20A41C478B4E794A5D958155420B8D8DB55A80D0D9E754EA1835BB16AF09
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):54267
                                    Entropy (8bit):7.996157207621053
                                    Encrypted:true
                                    SSDEEP:768:bIf4jUAYMjFYChfd7ERG6ZFKdq/ZCX3O043AQHECC7hqTK1NPFeWiL5x2hFAKie:tFjKCxeRG6bD43OTAQHilLg350hFANe
                                    MD5:977B7241DC4505AA0224E7E23DB7AD0F
                                    SHA1:71AAF95C01074C05FF28AD55E6DEC9AEFAC927AD
                                    SHA-256:B3CBDF11FFB6631B9802E22F4B2E17561CD791AC09051F46638461928A3F79FF
                                    SHA-512:1A9057C0EC791B51AD8DF6CC73E4EAE892EC80FAE05CA8B96D8C0CCA36DAD56BA4107CAA8FF68AFB63055FA92CB22F893C1830C3CBCB093EC1D041A7FA86398B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):54542
                                    Entropy (8bit):7.996777934930877
                                    Encrypted:true
                                    SSDEEP:768:bqj2+l75MvHJIFoJfR308eSm8af8/+IN7CH/XhihgG9arO4ahEsYfbChfa0j4kw:5+fMhrfB0pvjf8mIpKhid3NhEsY9yw
                                    MD5:C4BA70A7D3EA200058CEA9425C8F9FD6
                                    SHA1:802FE4B912389CBBF8B5A3A94237F8C3FEC6B2B2
                                    SHA-256:FD0D33BBDF0AC8BB55233DC33EB2B080EAFD8086DCD50EE474097182B4979C4E
                                    SHA-512:390F4A09D4E0D2861A682A75B8CA7327FA31B362633D0474F5D7C25218337E4580CF5F0B882C9BBF5EAE58E10E1D8EAFD0537BB18DB1B48A6D89B7935381A270
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):48465
                                    Entropy (8bit):7.996023522099269
                                    Encrypted:true
                                    SSDEEP:768:126RcSQdZF2Bin2D72NR5UmDyVepDiGfmVObjDSlhv5QSu0abU0LBmGg5m6q8iTd:I4QIBVf+UmvpuKmVOXDGFm/wcQ15eTXN
                                    MD5:52F6652D8FC5AFA4E44E4DED5C684BD5
                                    SHA1:CB0E7C4325C3480A1B2E6EA03714E9ED69AC5276
                                    SHA-256:857FAAAF078DDDE7200CCBC35CED29C032A9EA9B4651875044A3B96FAD8CC757
                                    SHA-512:C8201372D6CB128D77384CDB612ED9BEE92209FCCF857F2151B50781B5FFBC414148BB2D954255651A7CBCE8F5BC5EFDD430AFC6B0989B682D7A6D3A504F638E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):48379
                                    Entropy (8bit):7.995855149348939
                                    Encrypted:true
                                    SSDEEP:768:1ZkEYbYjX81mnAjovvj7NWZO5DUs4j49l2OcWlh/1dmMOCpk1Sj3v+9XowlWp:3Bn6o3j7NUORUzOpPOOki3v+9Xomu
                                    MD5:883A1B91F14B697F0AF91EA816D1FEF6
                                    SHA1:5601CA6A75306BAC8FEFFAF085BF6F34B6EB95E4
                                    SHA-256:4307418BC0AC74ABC4D3AE26110C2BBF46844B9022A6236916960E596DA60254
                                    SHA-512:E2295E7474AADF3C303489C04537FB7A25D342035F9E803FB61007E2FEB79D24A3499D7145BE1CF42D31B64A1B9EBE7CA1628CF4064A4DAB394A04D7B2421CAE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):49000
                                    Entropy (8bit):7.996377025790321
                                    Encrypted:true
                                    SSDEEP:768:1xUQop/bswKGwfBescCIzHG7KeTAzKstO4e2zwP0ZP1D8N0FmZn8PlnEsVd0rZC7:bU3FoFfBesezHY1AOmrzwc/88mupEsVf
                                    MD5:4E2E528EE46DB6EB13D72A6D274E6839
                                    SHA1:4E9850E75A56184739D75E3160DE2A86DDB559B4
                                    SHA-256:93DD43ABE92455F75759DBFA0C38365A7CA30F717EB89C9509DD808061CEC2B9
                                    SHA-512:4A27F9AC43DE0F29624A684771AC54602E7D733EA7D336E6A3EF447C3F53E1250AF39F0F32F39E06A4D7A70262CC5CCD1F91ED27FD648E24F2F0AE2BFAA7BAB7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):53663
                                    Entropy (8bit):7.996034465161992
                                    Encrypted:true
                                    SSDEEP:1536:xGDXleIDEpnglofA6/90JVsGr3E7i4ycu:0DXMbpsOA6/SVsGbgu
                                    MD5:BEDC02665EFF5FA7CFF9F921AB0D7A82
                                    SHA1:C1582EBC610812E7F12590A9CF8BEB7B4C40C927
                                    SHA-256:E6DEFD1686F93FB5958FCAC25ACB72709D314134E7068716352C547EDC3498F5
                                    SHA-512:25D1AEE4828647251456FAC001F2D18178C80C9E55A16900BA4BB2AB04FFE7B04BE5CCAD967EAC2B9BB6ED9A2EEAED7A9E1758AC06820126554FE1AAFCA11E41
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):42610
                                    Entropy (8bit):7.996074590123248
                                    Encrypted:true
                                    SSDEEP:768:b8xwcl1SFhMI/+LU1WwMlPEtMKCQ2GA43mUZRiaPVUHUtOeT50:oxwSaF/+Q1WFdYMKXClNiVUCOw0
                                    MD5:2B47BE1B7CBC7A36085102092F7A324B
                                    SHA1:E2C9C49CD3455AFF87FF6F72EAC3EE43F7F9D413
                                    SHA-256:8A19BFEE1246E1559565ABDFC07C50F1E11341431C17EB82D0FC972B4CD21D00
                                    SHA-512:6CDA948DB320D9418FE7FF0B931B73E8B90788FD1350E70F49292B7E93364CDB99C3D6E62BF138803232767C5467C43312DCA8257597FADFE703ED92A8B19A9D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):99558
                                    Entropy (8bit):7.998126987043341
                                    Encrypted:true
                                    SSDEEP:1536:BW6i/7u5pOXNGa8SHdDghoUY5IxeOvcrLK82rYi0AH4THvDR6g6dRQ5c:ovz2IXoa8SahoUPxeOkrW82aZb7RIQ5c
                                    MD5:DA245CD9A3C4B3C3801D3AF51F65669E
                                    SHA1:B4CBF06B1741C6F11BFCB70AF71648E9CD303AFA
                                    SHA-256:4ED05DA6232A33F423440381F7537F81D7A191869F61CADD46503A6219F61956
                                    SHA-512:4D7085D14DA5A9801503F42BDA2B638DDC39D3F7B2DC4C0F19D4E1F24257906711CBE88C5B93398EB26731532E8C2D649E629DB32782DF41D8A8A293D0C3BC0C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32921
                                    Entropy (8bit):7.994624642930536
                                    Encrypted:true
                                    SSDEEP:768:BW6NewJwOQjdH/VducqYXlA3KZQcd61iEntb8LGAv6kpUtk:BW6jJefPqYXa3KNdHEtb2Xv6kKk
                                    MD5:83F1BCCDC2F210D7DE086FC737916F39
                                    SHA1:9CDE2A6162D3DA680ABCE27F73014762F9F3ACAD
                                    SHA-256:B00A874071BAC257B2FD82634301D93F2EF93AD7B2B6FA4CA59081C674E58083
                                    SHA-512:DD1620B4445E53DEF839D461853CA5819624EC45CBB7794A7A564B5317BFBE2E0A4CCE29BCA3990599E2CC4D056889A0025AA70FDAE2851BBF3244B22F40BFA5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):95672
                                    Entropy (8bit):7.99801011413176
                                    Encrypted:true
                                    SSDEEP:1536:BW6YIBIE5MDNsiGv7/8/ieUvSZZht/paxFn9UyFELTsX3wt2JIaG0Q1WWTRDdXLo:o5IBNMDOHvL8avSXht/U2yFELwXAO1Gk
                                    MD5:4B55B9B8CD72784B8F4E86594C976C38
                                    SHA1:153DC16E17AD981DA1B8A9D990E00061D54CD49E
                                    SHA-256:9E3F1E22A087D3714AFD5E5C25817CB5D92F9DD158DBD5995D7E7B7FA7963C0C
                                    SHA-512:87E0FF6C0B087BC060F7B6F9D5A514FDEAB835A1153FC6A01A6D36E9765F4B9335C5281CB9CC832F0117F11030A104AB113057EDB6861508F8229870686C2E34
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):30417
                                    Entropy (8bit):7.993108204768856
                                    Encrypted:true
                                    SSDEEP:768:BW6NHiPM2oCLwxHKaLMuIkdA/ceBdhiuP9vyRPMtoeVYbCluQ:BW6GLw418AjdvURPUYuv
                                    MD5:A227291090374BE07560BE98E820569E
                                    SHA1:79DE95ED367C987D0F2C009799E91C8D6EAD2127
                                    SHA-256:1BAC6A4DA0B8762762846D3828510696B82B9DACFC9341CF79A659863B328937
                                    SHA-512:21EFE5395D5CF59D60DABEAA2A6E83625571522EADD660C0EF1D599EBBEA5053ED381494EA46652CBD2AC994F09895F1249CC938F0BC42B28807815FE192F4BC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E061E987-F755-4888-941E-18DA12F1D569}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 26 16:02:41 2024, Last Saved Time/Date: Tue Nov 26 16:02:41 2024, Last Printed: Tue Nov 26 16:02:41 2024, Number of Pages: 450
                                    Category:dropped
                                    Size (bytes):26120192
                                    Entropy (8bit):7.975232725021993
                                    Encrypted:false
                                    SSDEEP:393216:tkC1z3B6QQmVmYiHS1YQtmdCFvSCIZNeS/23qs/jtSKRTrXNiCRQFjv6Nxt7f4Qh:t70CEdHY0oJh+iPRTrXQlt6NxiAs
                                    MD5:B6061310D0598EB19680E7CE5474BA9A
                                    SHA1:635B0EA7D756B8A4FA2D6BBDAB739C0DED8F110F
                                    SHA-256:0B3486A5D2CEC89EC0452EF4B971D4E1C9DFE3CAEFAE753F05B44EC210BB9D87
                                    SHA-512:CB7284604C786995D0702F0C31CB5FD1729E8A9AFBA387C5BDEC56B5DB293338FF8DABA1BF6C27730BAE088C5BE8E64FBCFAD6A521BC8D38D852A903BF59F5EA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E061E987-F755-4888-941E-18DA12F1D569}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 26 16:02:41 2024, Last Saved Time/Date: Tue Nov 26 16:02:41 2024, Last Printed: Tue Nov 26 16:02:41 2024, Number of Pages: 450
                                    Category:dropped
                                    Size (bytes):26120192
                                    Entropy (8bit):7.975232725021993
                                    Encrypted:false
                                    SSDEEP:393216:tkC1z3B6QQmVmYiHS1YQtmdCFvSCIZNeS/23qs/jtSKRTrXNiCRQFjv6Nxt7f4Qh:t70CEdHY0oJh+iPRTrXQlt6NxiAs
                                    MD5:B6061310D0598EB19680E7CE5474BA9A
                                    SHA1:635B0EA7D756B8A4FA2D6BBDAB739C0DED8F110F
                                    SHA-256:0B3486A5D2CEC89EC0452EF4B971D4E1C9DFE3CAEFAE753F05B44EC210BB9D87
                                    SHA-512:CB7284604C786995D0702F0C31CB5FD1729E8A9AFBA387C5BDEC56B5DB293338FF8DABA1BF6C27730BAE088C5BE8E64FBCFAD6A521BC8D38D852A903BF59F5EA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1021792
                                    Entropy (8bit):6.608380087035959
                                    Encrypted:false
                                    SSDEEP:24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
                                    MD5:EC6EBF65FE4F361A73E473F46730E05C
                                    SHA1:01F946DFBF773F977AF5ADE7C27FFFC7FE311149
                                    SHA-256:D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
                                    SHA-512:E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Joe Sandbox View:
                                    • Filename: , Detection: malicious
                                    • Filename: , Detection: malicious
                                    • Filename: 740d3a.msi, Detection: malicious
                                    • Filename: 740d3a.msi, Detection: malicious
                                    • Filename: j45EY4ovxx.msi, Detection: malicious
                                    • Filename: pdfguruhub.msi, Detection: malicious
                                    • Filename: JR2xwuR1Zc.msi, Detection: malicious
                                    • Filename: rs8dpaIe6D.msi, Detection: malicious
                                    • Filename: Bill Details.exe, Detection: malicious
                                    • Filename: Bill Details.exe, Detection: malicious
                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1021792
                                    Entropy (8bit):6.608380087035959
                                    Encrypted:false
                                    SSDEEP:24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
                                    MD5:EC6EBF65FE4F361A73E473F46730E05C
                                    SHA1:01F946DFBF773F977AF5ADE7C27FFFC7FE311149
                                    SHA-256:D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
                                    SHA-512:E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1021792
                                    Entropy (8bit):6.608380087035959
                                    Encrypted:false
                                    SSDEEP:24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
                                    MD5:EC6EBF65FE4F361A73E473F46730E05C
                                    SHA1:01F946DFBF773F977AF5ADE7C27FFFC7FE311149
                                    SHA-256:D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
                                    SHA-512:E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1021792
                                    Entropy (8bit):6.608380087035959
                                    Encrypted:false
                                    SSDEEP:24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
                                    MD5:EC6EBF65FE4F361A73E473F46730E05C
                                    SHA1:01F946DFBF773F977AF5ADE7C27FFFC7FE311149
                                    SHA-256:D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
                                    SHA-512:E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1021792
                                    Entropy (8bit):6.608380087035959
                                    Encrypted:false
                                    SSDEEP:24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
                                    MD5:EC6EBF65FE4F361A73E473F46730E05C
                                    SHA1:01F946DFBF773F977AF5ADE7C27FFFC7FE311149
                                    SHA-256:D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
                                    SHA-512:E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):21389
                                    Entropy (8bit):4.86234591399805
                                    Encrypted:false
                                    SSDEEP:384:fBoH9xRqIUttVB66ntzCLLHNwEE0ppTZZZ5X786OwoYr3a:f3ttVB66tkZZZFjbq
                                    MD5:595DC938339FD0DBA2F3B32FC5680CC2
                                    SHA1:1F5A884C94075BAFD18297DC1AA2A9BB4EB94A5B
                                    SHA-256:46A1CB225C9C128C2C950A0754D31A20F7CB32A6FCB5189F451E60498B445158
                                    SHA-512:4C46E5C2E8C595DC6527C89518046A18E4E41158005AC691AB543FF462B9452BFE7BE45992B7CD0ABEE1EF5153F59316D8CBBC46D67EF21CA7CA808F0A7C6F4C
                                    Malicious:false
                                    Preview:...@IXOS.@.....@".{Y.@.....@.....@.....@.....@.....@......&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}..Google Chorme Updat..FS-JFDIBGWE.msi.@.....@.....@.....@........&.{E061E987-F755-4888-941E-18DA12F1D569}.....@.....@.....@.....@.......@.....@.....@.......@......Google Chorme Updat......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{3B6BDBC4-2324-4D70-B1CA-94B741C61BF2}..C:\Users\user\Contacts\.@.......@.....@.....@......&.{C8D017D3-89C0-4250-9FFB-5D9684AF0A8D}2.01:\Software\Microsoft\Google Chorme Updat\Version.@.......@.....@.....@......&.{D5998543-BD40-48E5-B2B3-340A1A6BC8BF} .C:\Users\user\Contacts\file.cur.@.......@.....@.....@......&.{6C2AF152-BDD7-48E0-A2DE-D854C860F818}".C:\Users\user\Contacts\chrome.exe.@.......@.....@.....@......&.{9F462EE0-6F93-497C-B68E-DBA788B46E2D}..01:\Software\Microssoft\.@.......@.....@..
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):1.164350531718566
                                    Encrypted:false
                                    SSDEEP:12:JSbX72Fji6AGiLIlHVRpih/7777777777777777777777777vDHFyvyxl0i8Q:JU6QI5yERF
                                    MD5:F0508A6445F1FDF96B341787027661CE
                                    SHA1:BCD0578373445977FDA52BC52ECE928DC9505F54
                                    SHA-256:DDB22E361639FAEF20F1CB6B88459A0EADB649548266AE3F07695727CE677D57
                                    SHA-512:620206A661D43FB226CD07204065D10CEB7E87A346FA9AAD79A4EB6378AF2B1D5D8B285E8A7C5BA8B09FA8C236910A7E230812DD1675084F3E26BE7DED052662
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):1.4857220557099509
                                    Encrypted:false
                                    SSDEEP:48:38PhYuRc06WXJWFT5g28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:2hY1tFTyuzkI9kREC0MqkI9k
                                    MD5:DB249BDC26DD7CDB718EA87E3D104113
                                    SHA1:252582AEE167C4E125C9ED533DE0AB530BAFE628
                                    SHA-256:601584E0198656DAC7333CB8AD12C749DB8A7BF11979CAA8720C6D2729DFF017
                                    SHA-512:83B59DFBFF90A5709FFDB1E506593C54F5B72F2D6B72ED989C7216B70E99BDE6E9CB15B57E4227C6F68F4DD43E99DD2D4D628650D2CE68F7EEAB3AACAD23ACE7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):432221
                                    Entropy (8bit):5.37517398310451
                                    Encrypted:false
                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaut:zTtbmkExhMJCIpEro
                                    MD5:91B910763EC3A03571718665A5C329AB
                                    SHA1:176B89B15F6D74B3261F0038E3DB03848CD2AF0B
                                    SHA-256:24238C4F8A8279904C4DB926CE225FD6602C33FDEB7DD2ACBC1702BFCF961518
                                    SHA-512:EA5255450FD03F1411C4B2BD8843A756ED90C2B5E2895B7EA31A4BBD819517DBC7F7279961A1646540ADEB84EA5C7FBB6BCB1C626FB66CC7807872FF85CBF4C4
                                    Malicious:false
                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):32768
                                    Entropy (8bit):1.1971075282139119
                                    Encrypted:false
                                    SSDEEP:48:DlQuuO+CFXJXT5C28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:ZQE/TQuzkI9kREC0MqkI9k
                                    MD5:22B4BF9DF9FCD4188962A913478E85D2
                                    SHA1:4D449E898BD5F8B771D3454B606C527EBE034EE7
                                    SHA-256:3CF3C3074E8483D3DEAAA8F1AA7AB9D7BCA35142B0BCBEC25EA5DFBAD007FBB4
                                    SHA-512:579BEFA2B01E0FD40FB6F894C6BAED40BACEC9D62795A2583241595AD78615AAA7CAAFACF198A96FB622AD99521A226CA83AEAA33C6E459AD8C0221CEE67F9F1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32768
                                    Entropy (8bit):0.07241316586385736
                                    Encrypted:false
                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOKGKvIaVky6lhX:2F0i8n0itFzDHFyvyx
                                    MD5:4C74DBC84CCDC3F9B4B65F95CCFD57CC
                                    SHA1:FCF4EA1ECE9786C46F36D4F14839B93E48F2EE81
                                    SHA-256:5B246A5E4DA5EEDCF71B3DCC7CD6AA21137CA0726DFF8E9630E245D0B9167932
                                    SHA-512:A25682615F41C69912EB9A421CF762E568D6744A926B274969C4E3374111893CCAEAC5E4BA990A5C3F460BCAB799E700CC998679952DBCA4F5B2FDF9779FBBC7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):1.4857220557099509
                                    Encrypted:false
                                    SSDEEP:48:38PhYuRc06WXJWFT5g28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:2hY1tFTyuzkI9kREC0MqkI9k
                                    MD5:DB249BDC26DD7CDB718EA87E3D104113
                                    SHA1:252582AEE167C4E125C9ED533DE0AB530BAFE628
                                    SHA-256:601584E0198656DAC7333CB8AD12C749DB8A7BF11979CAA8720C6D2729DFF017
                                    SHA-512:83B59DFBFF90A5709FFDB1E506593C54F5B72F2D6B72ED989C7216B70E99BDE6E9CB15B57E4227C6F68F4DD43E99DD2D4D628650D2CE68F7EEAB3AACAD23ACE7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):32768
                                    Entropy (8bit):1.1971075282139119
                                    Encrypted:false
                                    SSDEEP:48:DlQuuO+CFXJXT5C28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:ZQE/TQuzkI9kREC0MqkI9k
                                    MD5:22B4BF9DF9FCD4188962A913478E85D2
                                    SHA1:4D449E898BD5F8B771D3454B606C527EBE034EE7
                                    SHA-256:3CF3C3074E8483D3DEAAA8F1AA7AB9D7BCA35142B0BCBEC25EA5DFBAD007FBB4
                                    SHA-512:579BEFA2B01E0FD40FB6F894C6BAED40BACEC9D62795A2583241595AD78615AAA7CAAFACF198A96FB622AD99521A226CA83AEAA33C6E459AD8C0221CEE67F9F1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):1.4857220557099509
                                    Encrypted:false
                                    SSDEEP:48:38PhYuRc06WXJWFT5g28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:2hY1tFTyuzkI9kREC0MqkI9k
                                    MD5:DB249BDC26DD7CDB718EA87E3D104113
                                    SHA1:252582AEE167C4E125C9ED533DE0AB530BAFE628
                                    SHA-256:601584E0198656DAC7333CB8AD12C749DB8A7BF11979CAA8720C6D2729DFF017
                                    SHA-512:83B59DFBFF90A5709FFDB1E506593C54F5B72F2D6B72ED989C7216B70E99BDE6E9CB15B57E4227C6F68F4DD43E99DD2D4D628650D2CE68F7EEAB3AACAD23ACE7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):32768
                                    Entropy (8bit):1.1971075282139119
                                    Encrypted:false
                                    SSDEEP:48:DlQuuO+CFXJXT5C28u9OK9kISC9kKAECiCyjMHoT9kISC9kAT59:ZQE/TQuzkI9kREC0MqkI9k
                                    MD5:22B4BF9DF9FCD4188962A913478E85D2
                                    SHA1:4D449E898BD5F8B771D3454B606C527EBE034EE7
                                    SHA-256:3CF3C3074E8483D3DEAAA8F1AA7AB9D7BCA35142B0BCBEC25EA5DFBAD007FBB4
                                    SHA-512:579BEFA2B01E0FD40FB6F894C6BAED40BACEC9D62795A2583241595AD78615AAA7CAAFACF198A96FB622AD99521A226CA83AEAA33C6E459AD8C0221CEE67F9F1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):73728
                                    Entropy (8bit):0.10795645338628225
                                    Encrypted:false
                                    SSDEEP:48:digTe9kISC9k99kISC9kKAECiCyjMHowhvuEo:ckI9kHkI9kREC0MZu
                                    MD5:6ABDF1E7A4391B434CB9029FF2ED0E45
                                    SHA1:82CB35C7C5D50895CC3789E749D1D6336517D16B
                                    SHA-256:AAE4070454748648B63E35B000B6D905CA50578A166D25885B4F8C46E2239F00
                                    SHA-512:659132F97187073F2C616AB8143BEEE023C0469D136B5C6C117CD6CC6F9C785EDB7945E3A9D7DF7BEA6412718D928909A35D54817FBD33338DEDB98504A89346
                                    Malicious:false
                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {E061E987-F755-4888-941E-18DA12F1D569}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Nov 26 16:02:41 2024, Last Saved Time/Date: Tue Nov 26 16:02:41 2024, Last Printed: Tue Nov 26 16:02:41 2024, Number of Pages: 450
                                    Entropy (8bit):7.975232725021993
                                    TrID:
                                    • Windows SDK Setup Transform Script (63028/2) 47.91%
                                    • Microsoft Windows Installer (60509/1) 46.00%
                                    • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                    File name:FS-JFDIBGWE.msi
                                    File size:26'120'192 bytes
                                    MD5:b6061310d0598eb19680e7ce5474ba9a
                                    SHA1:635b0ea7d756b8a4fa2d6bbdab739c0ded8f110f
                                    SHA256:0b3486a5d2cec89ec0452ef4b971d4e1c9dfe3caefae753f05b44ec210bb9d87
                                    SHA512:cb7284604c786995d0702f0c31cb5fd1729e8a9afba387c5bdec56b5db293338ff8daba1bf6c27730bae088c5be8e64fbcfad6a521bc8d38d852a903bf59f5ea
                                    SSDEEP:393216:tkC1z3B6QQmVmYiHS1YQtmdCFvSCIZNeS/23qs/jtSKRTrXNiCRQFjv6Nxt7f4Qh:t70CEdHY0oJh+iPRTrXQlt6NxiAs
                                    TLSH:B6473335BACAC439E59D02BBA52DAE2D05399E63073040D7F7F87D9E48348C1A779A13
                                    Icon Hash:2d2e3797b32b2b99
                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                    2024-11-27T09:57:17.739735+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.4 | 49730 | 162.214.64.212 | 80 | TCP
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Nov 27, 2024 09:57:16.060972929 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:57:16.180999994 CET | 80 | 49730 | 162.214.64.212 | 192.168.2.4
                                    Nov 27, 2024 09:57:16.181092024 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:57:16.181390047 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:57:16.301357031 CET | 80 | 49730 | 162.214.64.212 | 192.168.2.4
                                    Nov 27, 2024 09:57:17.735651970 CET | 80 | 49730 | 162.214.64.212 | 192.168.2.4
                                    Nov 27, 2024 09:57:17.739734888 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:57:22.737351894 CET | 80 | 49730 | 162.214.64.212 | 192.168.2.4
                                    Nov 27, 2024 09:57:22.737456083 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:59:04.869091034 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:59:05.188747883 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:59:05.829747915 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:59:07.091756105 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Nov 27, 2024 09:59:09.612754107 CET | 49730 | 80 | 192.168.2.4 | 162.214.64.212
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Nov 27, 2024 09:57:14.881886959 CET | 65092 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 27, 2024 09:57:15.911680937 CET | 65092 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 27, 2024 09:57:15.995656013 CET | 53 | 65092 | 1.1.1.1 | 192.168.2.4
                                    Nov 27, 2024 09:57:16.049211979 CET | 53 | 65092 | 1.1.1.1 | 192.168.2.4
                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                    Nov 27, 2024 09:57:14.881886959 CET | 192.168.2.4 | 1.1.1.1 | 0xcfb4 | Standard query (0) | e-notas.com | A (IP address) | IN (0x0001) | false
                                    Nov 27, 2024 09:57:15.911680937 CET | 192.168.2.4 | 1.1.1.1 | 0xcfb4 | Standard query (0) | e-notas.com | A (IP address) | IN (0x0001) | false
                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                    Nov 27, 2024 09:57:15.995656013 CET | 1.1.1.1 | 192.168.2.4 | 0xcfb4 | No error (0) | e-notas.com |  | 162.214.64.212 | A (IP address) | IN (0x0001) | false
                                    Nov 27, 2024 09:57:16.049211979 CET | 1.1.1.1 | 192.168.2.4 | 0xcfb4 | No error (0) | e-notas.com |  | 162.214.64.212 | A (IP address) | IN (0x0001) | false
                                    • e-notas.com
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.4 | 49730 | 162.214.64.212 | 80 | 7592 | C:\Users\user\Contacts\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Nov 27, 2024 09:57:16.181390047 CET | 85 | OUT |
                                    GET /dsdrk/inspecionando.php HTTP/1.1
                                    Host: e-notas.com
                                    Cache-Control: no-cache
                                    Nov 27, 2024 09:57:17.735651970 CET | 131 | IN |
                                    HTTP/1.1 200 OK
                                    Date: Wed, 27 Nov 2024 08:57:17 GMT
                                    Server: Apache
                                    Content-Length: 0
                                    Content-Type: text/html; charset=UTF-8



                                    Target ID:0
                                    Start time:03:57:00
                                    Start date:27/11/2024
                                    Path:C:\Windows\System32\msiexec.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-JFDIBGWE.msi"
                                    Imagebase:0x7ff7e0260000
                                    File size:69'632 bytes
                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:1
                                    Start time:03:57:01
                                    Start date:27/11/2024
                                    Path:C:\Windows\System32\msiexec.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                    Imagebase:0x7ff7e0260000
                                    File size:69'632 bytes
                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    Target ID:2
                                    Start time:03:57:02
                                    Start date:27/11/2024
                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 1B3A46C9CC141CE48342EF23A709DE5E
                                    Imagebase:0xe0000
                                    File size:59'904 bytes
                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:3
                                    Start time:03:57:07
                                    Start date:27/11/2024
                                    Path:C:\Users\user\Contacts\chrome.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Contacts\chrome.exe"
                                    Imagebase:0x3f0000
                                    File size:2'252'904 bytes
                                    MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:Borland Delphi
                                    Antivirus matches:
                                    • Detection: 0%, ReversingLabs
                                    Reputation:low
                                    Has exited:false

                                    Target ID:7
                                    Start time:03:57:29
                                    Start date:27/11/2024
                                    Path:C:\Users\user\Contacts\chrome.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Contacts\chrome.exe"
                                    Imagebase:0x3f0000
                                    File size:2'252'904 bytes
                                    MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Borland Delphi
                                    Reputation:low
                                    Has exited:false

                                    Target ID:8
                                    Start time:03:57:37
                                    Start date:27/11/2024
                                    Path:C:\Users\user\Contacts\chrome.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Contacts\chrome.exe"
                                    Imagebase:0x3f0000
                                    File size:2'252'904 bytes
                                    MD5 hash:DD36EA28C576FB0AD109B42D3D6C9F96
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:Borland Delphi
                                    Reputation:low
                                    Has exited:false


                                      Execution Graph

                                      Execution Coverage:0.8%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:19.2%
                                      Total number of Nodes:390
                                      Total number of Limit Nodes:17
4ce040 106 API calls ___std_exception_copy 32620->32695 32696 3f9140 220 API calls 32620->32696 32634 400aac 32622->32634 32623 400afc GetModuleFileNameW 32623->32617 32623->32630 32624 400b89 GetInstallDetailsPayload GetInstallDetailsPayload 32624->32620 32627 400a01 SwitchToFiber 32630->32617 32630->32623 32672 4cb380 8 API calls 3 library calls 32630->32672 32673 4016c0 110 API calls _ValidateLocalCookies 32630->32673 32631->32620 32635 4011d1 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 32631->32635 32697 517810 99 API calls 2 library calls 32632->32697 32670 4e9b55 5 API calls ___raise_securityfailure 32634->32670 32636->32620 32638 4e6aa0 RaiseException EnterCriticalSection LeaveCriticalSection 32638->32661 32648 400ea5 DuplicateHandle 32646->32648 32647 400d65 GetProcAddress 32647->32620 32647->32661 32648->32620 32648->32661 32671 405530 115 API calls 32651->32671 32661->32620 32661->32638 32661->32647 32661->32651 32663 400f62 32661->32663 32676 402300 288 API calls _ValidateLocalCookies 32661->32676 32677 401260 GetCurrentProcess TerminateProcess 32661->32677 32679 401840 GetLastError SetLastError GetCurrentProcess GetModuleHandleW GetProcAddress 32661->32679 32680 402150 48 API calls _ValidateLocalCookies 32661->32680 32681 3fd200 6 API calls 32661->32681 32682 401780 18 API calls _ValidateLocalCookies 32661->32682 32683 403210 108 API calls _ValidateLocalCookies 32661->32683 32684 3fd300 GetModuleHandleW GetProcAddress 32661->32684 32685 401630 8 API calls _ValidateLocalCookies 32661->32685 32663->32634 32664 400f84 32663->32664 32687 4d0910 GetModuleHandleW GetProcAddress 32663->32687 32686 4012e0 255 API calls 32664->32686 32669 400f93 32669->32634 32670->32627 32672->32630 32673->32630 32674->32624 32675->32620 32676->32661 32678->32620 32679->32661 32680->32661 32681->32661 32682->32661 32683->32661 32684->32661 32685->32661 32687->32664 32688->32620 32689->32620 32690->32620 32691->32620 32692->32620 32693->32620 32694->32620 32695->32620 
32696->32620 32697->32669 33094 4448f0 GetModuleHandleW GetProcAddress 33160 4007f6 11 API calls 33162 3fcb80 74 API calls 33163 402780 9 API calls 32698 4f5e8d 32701 4f5fc2 32698->32701 32702 4f5fef 32701->32702 32703 4f6001 32701->32703 32722 4e9935 GetModuleHandleW 32702->32722 32714 4f615c 32703->32714 32707 4f5e9e 32708 4f604b 32724 4f5f91 11 API calls 32708->32724 32709 4f5ff4 32709->32703 32723 4f5ef6 GetModuleHandleExW GetProcAddress FreeLibrary 32709->32723 32713 4f6000 32713->32703 32715 4f6168 ___std_exception_copy 32714->32715 32725 504431 EnterCriticalSection 32715->32725 32717 4f6172 32726 4f6059 32717->32726 32719 4f617f 32730 4f619d LeaveCriticalSection ___std_exception_copy 32719->32730 32721 4f6038 32721->32707 32721->32708 32722->32709 32723->32713 32725->32717 32727 4f6065 ___std_exception_copy 32726->32727 32728 4f60c9 32727->32728 32731 4f80f4 17 API calls __EH_prolog3 32727->32731 32728->32719 32730->32721 32731->32728 33097 3f50f0 40 API calls 33099 3f1cf0 9 API calls _ValidateLocalCookies 33164 3fe3f0 95 API calls _ValidateLocalCookies 33100 53d080 96 API calls _ValidateLocalCookies 33033 3f69e0 33034 3f6a0f 33033->33034 33035 3f69f5 33033->33035 33034->33035 33036 3f69fa VirtualAlloc 33034->33036 33038 3f6a4d VirtualFree 33034->33038 33035->33036 33040 3f6a0c 33035->33040 33042 534680 96 API calls _ValidateLocalCookies 33035->33042 33037 3f6a22 GetLastError 33036->33037 33036->33040 33037->33035 33039 3f6a5e GetLastError 33038->33039 33038->33040 33039->33040 33042->33035 33102 3fb0e0 10 API calls _ValidateLocalCookies 33168 3f97e0 99 API calls 33170 53b3b0 271 API calls _ValidateLocalCookies 33171 5531b0 8 API calls _ValidateLocalCookies 33172 47e5a0 241 API calls 33174 3f31d0 228 API calls 3 library calls 33175 3fb3d0 42 API calls _ValidateLocalCookies 33176 3f65d0 36 API calls 33178 53e7a0 224 API calls 33179 4bb7b0 223 API calls 2 library calls 33180 3f1dc0 237 API calls _ValidateLocalCookies

                                      Control-flow Graph

                                      APIs
                                      • IsThreadAFiber.KERNEL32 ref: 00400A48
                                      • ConvertThreadToFiberEx.KERNEL32(00000000,00000001), ref: 00400A5C
                                      • CreateFiberEx.KERNEL32(00000000,00400000,00000001,004009F0,?), ref: 00400A85
                                      • SwitchToFiber.KERNEL32(00000000), ref: 00400A96
                                      • DeleteFiber.KERNEL32(00000000), ref: 00400A9D
                                      • ConvertFiberToThread.KERNEL32 ref: 00400AA3
                                      • GetInstallDetailsPayload.CHROME_ELF ref: 00400B6D
                                      • GetInstallDetailsPayload.CHROME_ELF ref: 00400B7A
                                      • GetInstallDetailsPayload.CHROME_ELF ref: 00400B9A
                                      • GetInstallDetailsPayload.CHROME_ELF ref: 00400B9F
                                      • GetInstallDetailsPayload.CHROME_ELF ref: 00400C57
                                      • GetProcAddress.KERNEL32(00000000,RelaunchChromeBrowserWithNewCommandLineIfNeeded), ref: 00400D6B
                                      • QueryPerformanceCounter.KERNEL32(?,?,type,00000004), ref: 00400D93
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00400DCF
                                      • GetLastError.KERNEL32 ref: 004010ED
                                      Strings
                                      • initial-client-data, xrefs: 00400E50
                                      • ..\..\chrome\app\chrome_exe_main_win.cc, xrefs: 0040110F, 0040115C
                                      • RelaunchChromeBrowserWithNewCommandLineIfNeeded, xrefs: 00400D65
                                      • no-periodic-tasks, xrefs: 00400E0F
                                      • user-data-dir, xrefs: 00400F25, 00400F2F, 00400F36
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00400FC1
                                      • About to load main DLL., xrefs: 0040116B
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00400FBA
                                      • type, xrefs: 00400BF3, 00400F37
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Fiber$DetailsInstallPayload$Thread$Convert$AddressCounterCreateDeleteErrorLastPerformanceProcQuerySwitchUnothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: ..\..\chrome\app\chrome_exe_main_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$About to load main DLL.$RelaunchChromeBrowserWithNewCommandLineIfNeeded$initial-client-data$no-periodic-tasks$type$user-data-dir
                                      • API String ID: 1252984512-2531495068
                                      • Opcode ID: 50cb44b54b9759c5d57f59db7632b184746449429bc503427fd3c98ec1ece376
                                      • Instruction ID: 0f273bee4a99623d23e42204343565e57214def888cdbed106ca0e41fd40126b
                                      • Opcode Fuzzy Hash: 50cb44b54b9759c5d57f59db7632b184746449429bc503427fd3c98ec1ece376
                                      • Instruction Fuzzy Hash: F8220570A007418FDB249F35D885B2777E4BF55304F04893EE986AB6E2EB78E848DB15

                                      Control-flow Graph

                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 004B6DA5
                                      • __aulldiv.LIBCMT ref: 004B729D
                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 004B7319
                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 004B7341
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B7366
                                      • TlsAlloc.KERNEL32 ref: 004B739A
                                        • Part of subcall function 003F9990: LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,004B6F07,?,?,?), ref: 003F99BC
                                        • Part of subcall function 003F9990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 003F99CC
                                        • Part of subcall function 0047CF90: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040,00000000,?,004B73D2), ref: 0047CFA1
                                        • Part of subcall function 0047CF90: AcquireSRWLockExclusive.KERNEL32(00000040,?,004B73D2), ref: 0047CFDA
                                        • Part of subcall function 0045A660: TryAcquireSRWLockExclusive.KERNEL32(005B10F0), ref: 0045A694
                                        • Part of subcall function 0045A660: ReleaseSRWLockExclusive.KERNEL32(005B10F0), ref: 0045A6B0
                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 004B73F6
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 004B741F
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$Release$AddressAllocLibraryLoadProc__aulldiv
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                      • API String ID: 1366307475-4189810390
                                      • Opcode ID: 8349dd8fc3a432c216caa0b1125bca43df00cd4f847577cc3acd06558142ff80
                                      • Instruction ID: 387b063a1a576e1cca7320bca68093725f4842d5b48f7f8e7c39eae8f8a84df3
                                      • Opcode Fuzzy Hash: 8349dd8fc3a432c216caa0b1125bca43df00cd4f847577cc3acd06558142ff80
                                      • Instruction Fuzzy Hash: F702C271908B448FD312DF398444356FBE6BFE5340F048B2FE89A63251DB78989ADB52

                                      Control-flow Graph

                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047A835
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047A936
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047A97F
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047A9A7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: first$second
                                      • API String ID: 17069307-3095674784
                                      • Opcode ID: 7b414a1a47ef01fff9b0d75a34e8a72d53cece7dbf2f721c94a8b9a3aa8c515f
                                      • Instruction ID: a855fbcfee1087a3a9f81dfe77840f6747fb4bb03066373add6e260c73e2293f
                                      • Opcode Fuzzy Hash: 7b414a1a47ef01fff9b0d75a34e8a72d53cece7dbf2f721c94a8b9a3aa8c515f
                                      • Instruction Fuzzy Hash: 8CB13671A003018BC715CF29C5445AAB7E2EFD5310B29CA6EF99C8B395D7399C62CB86

                                      Control-flow Graph

                                      APIs
                                      • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,004B6F07,?,?,?), ref: 003F99BC
                                      • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 003F99CC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressLibraryLoadProc
                                      • String ID: ProcessPrng$bcryptprimitives.dll
                                      • API String ID: 2574300362-2667675608
                                      • Opcode ID: 057c0bef684e266aa1adccd966bcfaf6a0240d0f09bcdf52a3859bf13e43cf60
                                      • Instruction ID: 450ff29781651a8b6a7485ccf7426159d08eb1f560c2e09361e611fdaa79024f
                                      • Opcode Fuzzy Hash: 057c0bef684e266aa1adccd966bcfaf6a0240d0f09bcdf52a3859bf13e43cf60
                                      • Instruction Fuzzy Hash: 49312874A0020D6FDB05DF61D845BABBBB9FF99311F05C42EE9086B210E730E941CB90

                                      Control-flow Graph

                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005C3578,003F6A79,?,?,0047E05C,?,-00000048,?), ref: 003F6AEC
                                      • ReleaseSRWLockExclusive.KERNEL32(005C3578,?,?,?,?,?,?,?,0047E05C,?,-00000048,?), ref: 003F6B6D
                                        • Part of subcall function 003F9990: LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,004B6F07,?,?,?), ref: 003F99BC
                                        • Part of subcall function 003F9990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 003F99CC
                                      Strings
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireAddressLibraryLoadProcRelease
                                      • String ID: x5\
                                      • API String ID: 969684755-1699692435
                                      • Opcode ID: c987cfffc7fd4ef3e6edef1409c845eb28113ea7858c74151968c67f7676367e
                                      • Instruction ID: 57f5bd1a9c139a48177c00e4ae8534434eec8dd41931a42a020b7a4d65678e42
                                      • Opcode Fuzzy Hash: c987cfffc7fd4ef3e6edef1409c845eb28113ea7858c74151968c67f7676367e
                                      • Instruction Fuzzy Hash: 0531C871E406085FD310DF2AEC81A56BBE6EBE9310B01C12EE999C7351E6305D45EB82

                                      Control-flow Graph

                                      APIs
                                      • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 0047AF04
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047AF67
                                      Strings
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: first$second
                                      • API String ID: 17069307-3095674784
                                      • Opcode ID: 168217e7dcc7c9476719369b9cd4b67502bca9130c3d0c77d7b2dbc437ddbbb5
                                      • Instruction ID: 81841de592e994970019308afd2eca00a0702a53febd4c8608de84b65fcaa321
                                      • Opcode Fuzzy Hash: 168217e7dcc7c9476719369b9cd4b67502bca9130c3d0c77d7b2dbc437ddbbb5
                                      • Instruction Fuzzy Hash: DD5113716007029BD7108F2AC4846ABFBE2AFC5314F18C67EF59D87399D73998528786

                                      Control-flow Graph

                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,00001000,00000020), ref: 003F6A02
                                      • GetLastError.KERNEL32 ref: 003F6A22
                                      • VirtualFree.KERNEL32(?,?,00004000), ref: 003F6A54
                                      • GetLastError.KERNEL32 ref: 003F6A5E
                                      Similarity
                                      • API ID: ErrorLastVirtual$AllocFree
                                      • String ID:
                                      • API String ID: 2325269287-0
                                      • Opcode ID: 2639692921cff0addaf513e6ef48336481b0639aa2ea2229c3153f56187e021a
                                      • Instruction ID: b363062e9fc2294610080bb3ffdc09602b5a67a4c9ce4da76ab539e01324b435
                                      • Opcode Fuzzy Hash: 2639692921cff0addaf513e6ef48336481b0639aa2ea2229c3153f56187e021a
                                      • Instruction Fuzzy Hash: 6F0126B070020DABEF265B21DC1EB7A375DEFA6396F158824FB06E7590DB38D840C562

                                      Control-flow Graph

                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(656D6DA9,00000000,-00000004,?,?,?,00409E75,0059FE90,-00000004,00000000), ref: 0047A171
                                      • ReleaseSRWLockExclusive.KERNEL32(00409E75,00000001,?,00409E75,0059FE90,-00000004,00000000), ref: 0047A1E3
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID:
                                      • API String ID: 17069307-0
                                      • Opcode ID: 6873edbdbd012af0e883ff9bddc155203544a174bada232400670a31c0d88e51
                                      • Instruction ID: c3927896ee8485aac00d4e45e1df933cd33118a4222fa8e7fd7f73b8469aa394
                                      • Opcode Fuzzy Hash: 6873edbdbd012af0e883ff9bddc155203544a174bada232400670a31c0d88e51
                                      • Instruction Fuzzy Hash: 5B81F4306002418FEB18CF69C4847AAB7F5FF81314F18C5AAE81D8B696D739D865CB46

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 003F6AD0: TryAcquireSRWLockExclusive.KERNEL32(005C3578,003F6A79,?,?,0047E05C,?,-00000048,?), ref: 003F6AEC
                                        • Part of subcall function 003F6AD0: ReleaseSRWLockExclusive.KERNEL32(005C3578,?,?,?,?,?,?,?,0047E05C,?,-00000048,?), ref: 003F6B6D
                                      • GetCurrentProcess.KERNEL32(?,?,0047E05C,?,-00000048,?), ref: 003F6A9E
                                      • IsWow64Process.KERNEL32(00000000,005B2550,?,0047E05C,?,-00000048,?), ref: 003F6AAA
                                      Similarity
                                      • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                      • String ID:
                                      • API String ID: 2898688079-0
                                      • Opcode ID: 5a263e9f3fa353e97d8a44673390f387b0b86aecbab10ecfeec2214aaee9958a
                                      • Instruction ID: 878d3e1a803d653168dac1f16888d0b6f2b22ff4769e0393e2346c600e0a82ff
                                      • Opcode Fuzzy Hash: 5a263e9f3fa353e97d8a44673390f387b0b86aecbab10ecfeec2214aaee9958a
                                      • Instruction Fuzzy Hash: 96E0E5F160012947CA614B6C6C4673137887714351F198214EA01EB2D0F710EC0563B1

                                      Control-flow Graph

                                      APIs
                                      • GetLastError.KERNEL32(?,?,004E8151,00518715,?,00000000,?,0053476B,?,?), ref: 0050361F
                                      • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0053476B,?,?), ref: 005036C1
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID:
                                      • API String ID: 1452528299-0
                                      • Opcode ID: f3e09ab81c322d78ca5d1c918ee0197ed19a8f761b052a136e896ac31818bb12
                                      • Instruction ID: 61ed082b42a754960f9725041d5be6f6748ac455d6d2e4dc6c5a06d299a083f0
                                      • Opcode Fuzzy Hash: f3e09ab81c322d78ca5d1c918ee0197ed19a8f761b052a136e896ac31818bb12
                                      • Instruction Fuzzy Hash: A611C2317042127FD7112BB5ECCAA6F3E5CFB527A87240235F505922F1DA518E08A264

                                      Control-flow Graph

                                      APIs
                                      Similarity
                                      • API ID: ___free_lconv_mon
                                      • String ID:
                                      • API String ID: 3903695350-0
                                      • Opcode ID: 42922131f294474618ff96a99527d1008e17b0723c9083fe9e4cbc24162f6107
                                      • Instruction ID: 291822f86cef23b38d9873aa16f91918d623c50bab4a20b9de1ab448596b832f
                                      • Opcode Fuzzy Hash: 42922131f294474618ff96a99527d1008e17b0723c9083fe9e4cbc24162f6107
                                      • Instruction Fuzzy Hash: 2E316C31A0860A9BEB20AF7AD805B9EBBE4FF04715F14486EF454D6291DB34F9409A19

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 00400A20: IsThreadAFiber.KERNEL32 ref: 00400A48
                                        • Part of subcall function 00400A20: ConvertThreadToFiberEx.KERNEL32(00000000,00000001), ref: 00400A5C
                                        • Part of subcall function 00400A20: CreateFiberEx.KERNEL32(00000000,00400000,00000001,004009F0,?), ref: 00400A85
                                        • Part of subcall function 00400A20: SwitchToFiber.KERNEL32(00000000), ref: 00400A96
                                        • Part of subcall function 00400A20: DeleteFiber.KERNEL32(00000000), ref: 00400A9D
                                        • Part of subcall function 00400A20: ConvertFiberToThread.KERNEL32 ref: 00400AA3
                                      • SwitchToFiber.KERNEL32(?,?), ref: 00400A07
                                      Similarity
                                      • API ID: Fiber$Thread$ConvertSwitch$CreateDelete
                                      • String ID:
                                      • API String ID: 3938851108-0
                                      • Opcode ID: b0ab203bdff92e99069945fec6cfa2670f893d17200f434695ade55a0d841bf7
                                      • Instruction ID: dad7d47df88be0ab6399af494d6839a40c03e40740bda6dd842cbbb198a8f936
                                      • Opcode Fuzzy Hash: b0ab203bdff92e99069945fec6cfa2670f893d17200f434695ade55a0d841bf7
                                      • Instruction Fuzzy Hash: D2D01232500214EFC7107F69E805897BFB8EF11350B00843AF94662521D7326824EFD5
                                      APIs
                                      • GetModuleHandleExW.KERNEL32(00000004,?,?), ref: 003F82EC
                                      • GetLastError.KERNEL32 ref: 003F8301
                                      • SetLastError.KERNEL32(00000000), ref: 003F830F
                                      • GetLastError.KERNEL32 ref: 003F8332
                                      • SetLastError.KERNEL32(00000000), ref: 003F8343
                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F851D
                                      • K32GetModuleInformation.KERNEL32(00000000,?,?,0000000C,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F8530
                                      • GetLastError.KERNEL32(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F856F
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F857D
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F8591
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F85B1
                                      • GetSystemInfo.KERNEL32(?), ref: 003F8686
                                      • GetLastError.KERNEL32(00591384,..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type,?,?,?), ref: 003F86B8
                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F8700
                                      Strings
                                      • ..\..\third_party\perfetto\src\tracing\event_context.cc, xrefs: 003F8229, 003F825E
                                      • PERFETTO_CHECK(tls_state_), xrefs: 003F8238
                                      • {}-, xrefs: 003F846C
                                      • %s (errno: %d, %s), xrefs: 003F823D, 003F8272
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 003F80E3, 003F81D0
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 003F86A9
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 003F86A2
                                      • PERFETTO_CHECK(key), xrefs: 003F826D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$Module$CurrentFreeHandleInfoInformationLibraryProcessSystem
                                      • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\perfetto\src\tracing\event_context.cc$PERFETTO_CHECK(key)$PERFETTO_CHECK(tls_state_)${}-
                                      • API String ID: 4075626267-2919275849
                                      APIs
                                      • CreateThread.KERNEL32(00000000,00000000,00433FE0,00000000,00000000,00000000), ref: 00408CC1
                                      • CreateThread.KERNEL32(00000000,00000000,00433FE0,00000000,00000000,00000000), ref: 00408D41
                                        • Part of subcall function 00409620: VerSetConditionMask.KERNEL32 ref: 0040968B
                                        • Part of subcall function 00409620: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00409697
                                        • Part of subcall function 00409620: VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 004096A3
                                        • Part of subcall function 00409620: VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 004096C3
                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00408D76
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00408DE7
                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00408E0F
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00408E1E
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00408E80
                                      • WaitForSingleObject.KERNEL32(?,-00000001), ref: 00408F23
                                      • WaitForSingleObject.KERNEL32(?,-00000001), ref: 00408F2A
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00408F30
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00408F67
                                      • CloseHandle.KERNEL32(?), ref: 00408F76
                                      • CloseHandle.KERNEL32(?), ref: 00408F89
                                        • Part of subcall function 00549540: _strlen.LIBCMT ref: 00549550
                                        • Part of subcall function 004091B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091D1
                                        • Part of subcall function 004091B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091D9
                                        • Part of subcall function 004091B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091E2
                                        • Part of subcall function 004091B0: CloseHandle.KERNEL32(?,?,?,?,?,?,00408DC9), ref: 00409200
                                        • Part of subcall function 004091B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 0040922E
                                        • Part of subcall function 004091B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 00409258
                                        • Part of subcall function 004091B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 00409282
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CloseHandle$ExclusiveLockWait$ConditionMaskReleaseUnregister$AcquireCompletionCreateObjectQueuedSingleStatusThread$InfoVerifyVersion_strlen
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$CreateNamedPipe$CreateThread$Free$Run
                                      • API String ID: 2114208606-1806101671
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004E5A5E
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 004E603F, 004E65A4
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004E6038, 004E65C2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CurrentThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value
                                      • API String ID: 2882836952-3013800257
                                      APIs
                                      • _strlen.LIBCMT ref: 004DA5A5
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004DA791
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004DA8C7
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004DAAAC
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004DAAD5
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004DAAF8
                                      • _strlen.LIBCMT ref: 004DACF0
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 004DAD5F
                                      Strings
                                      • Histogram.TooManyBuckets.1000, xrefs: 004DAED8
                                      • Histogram.BadConstructionArguments, xrefs: 004DAF7C
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 004DAF4F
                                      • Blink.UseCounter, xrefs: 004DAEE9
                                      • T[, xrefs: 004DADE3
                                      • Histogram.MismatchedConstructionArguments, xrefs: 004DAF32
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004DAFF1
                                      • T[, xrefs: 004DADB4
                                      • T[, xrefs: 004DAE99
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease$_strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T[$T[$T[
                                      • API String ID: 1657474455-258733376
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047832D
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00478414
                                      • GetCurrentThreadId.KERNEL32 ref: 00478728
                                      • GetCurrentThreadId.KERNEL32 ref: 00478741
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 0047875A
                                      • GetCurrentThreadId.KERNEL32 ref: 0047877E
                                      • GetCurrentThreadId.KERNEL32 ref: 0047878F
                                      • GetCurrentThreadId.KERNEL32 ref: 004787A0
                                      • GetCurrentThreadId.KERNEL32 ref: 004787B1
                                      • GetCurrentThreadId.KERNEL32 ref: 004787C2
                                      • GetCurrentThreadId.KERNEL32 ref: 004787D3
                                      • GetCurrentThreadId.KERNEL32 ref: 004787E7
                                      • GetCurrentThreadId.KERNEL32 ref: 004787F9
                                      • GetCurrentThreadId.KERNEL32 ref: 0047884F
                                      • GetCurrentThreadId.KERNEL32 ref: 00478860
                                      • GetCurrentThreadId.KERNEL32 ref: 00478879
                                      • GetCurrentThreadId.KERNEL32 ref: 0047888A
                                      • GetCurrentThreadId.KERNEL32 ref: 004788A3
                                      • GetCurrentThreadId.KERNEL32 ref: 004788E7
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CurrentThread$ExclusiveLock$Acquire$Release
                                      • String ID:
                                      • API String ID: 1097530104-0
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00475F03
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00475F40
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00475FE9
                                      • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?), ref: 004760E0
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004761B0
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004761ED
                                      • AcquireSRWLockExclusive.KERNEL32(00000000), ref: 0047622F
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00476829
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004762E6
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireCounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Release
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value
                                      • API String ID: 2252595807-3013800257
                                      APIs
                                      • _strlen.LIBCMT ref: 004B10B5
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004B123C
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B1372
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B1508
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004B1534
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B1557
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 004B17D2
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B1968
                                      Strings
                                      • T[, xrefs: 004B1835
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 004B190A
                                      • Histogram.MismatchedConstructionArguments, xrefs: 004B192E
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B1994
                                      • T[, xrefs: 004B18E8
                                      • T[, xrefs: 004B1806
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$Release$Acquire$_strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Histogram.MismatchedConstructionArguments$T[$T[$T[
                                      • API String ID: 576647242-766949781
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047E850
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047EB12
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 0047EBD1
                                        • Part of subcall function 00468000: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00468170
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047ECEA
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047ED75
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047E889
                                        • Part of subcall function 00468000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00468047
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: first$second
                                      • API String ID: 17069307-3095674784
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,F1645913), ref: 004739CB
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,F1645913), ref: 00473B6A
                                      Strings
                                      • 1U!S, xrefs: 00473C3B
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00474AE3
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00474AB6
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00474AD4
                                      • T[, xrefs: 00474A40
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00474AC5
                                      • 1U!S, xrefs: 00473CBD
                                      • T[, xrefs: 00474A6E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S$T[$T[
                                      • API String ID: 17069307-945805135
                                      • Opcode ID: 2321770775f6d8c173432e0cb9b6f43ca02942540ef0c42b10c1f1c2bb6c2334
                                      • Instruction ID: 2f01d1b8f20a1e3e86803ca0686fc7458e816a93dd1c87d111ba0345e2c72da0
                                      • Opcode Fuzzy Hash: 2321770775f6d8c173432e0cb9b6f43ca02942540ef0c42b10c1f1c2bb6c2334
                                      • Instruction Fuzzy Hash: D4A2B075E002158FDB24CF24C880BAAB7B2BBD6304F19C19AD94EAB345DB34AD85CF55
                                      APIs
                                      • GetLastError.KERNEL32(?,004168F7,?,0000000C,?,00000000,?,?,00532D92,?,00000001,?,?), ref: 0041692E
                                      • SetLastError.KERNEL32(00000000,?,004168F7,?,0000000C,?,00000000,?,?,00532D92,?,00000001,?,?), ref: 00416938
                                      • _strlen.LIBCMT ref: 00416947
                                      • GetLocalTime.KERNEL32(0000000C,?,?,?,?,?,004168F7,?,0000000C,?,00000000,?,?,00532D92,?,00000001), ref: 004169AA
                                      • _strlen.LIBCMT ref: 00416AAF
                                      • SetLastError.KERNEL32(?,?,?,00000001), ref: 00416B8F
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00416BC4
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00416BD2
                                      • )] , xrefs: 00416AFE
                                      • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00416BD9
                                      • UNKNOWN, xrefs: 00416BE8
                                      • ..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size(), xrefs: 00416BCB
                                      • VERBOSE, xrefs: 00416C58
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$_strlen$LocalTime
                                      • String ID: )] $..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size()$UNKNOWN$VERBOSE
                                      • API String ID: 1138008395-693731270
                                      • Opcode ID: 9f755e46558035265bc6cb590490ee7aca291dc15459de9c235e191fe9938d07
                                      • Instruction ID: 8eda566447f67133c08c3b695925c0ce199041e22fefd8167a9b7cd007b2b9a3
                                      • Opcode Fuzzy Hash: 9f755e46558035265bc6cb590490ee7aca291dc15459de9c235e191fe9938d07
                                      • Instruction Fuzzy Hash: CBB1F6B4E002249FCB14EF65C885ABEBBB5EF49314F05445EE805A7352E739EC42CBA5
                                      APIs
                                      • VerSetConditionMask.KERNEL32 ref: 0040968B
                                      • VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00409697
                                      • VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 004096A3
                                      • VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 004096C3
                                      • LocalFree.KERNEL32(?), ref: 004097FF
                                      • CreateNamedPipeW.KERNEL32 ref: 0040987A
                                      • SetLastError.KERNEL32(00000000), ref: 00409915
                                        • Part of subcall function 004E82C8: AcquireSRWLockExclusive.KERNEL32(005B2800,000000C0,?,?,0047FE69,005C2A10), ref: 004E82D3
                                        • Part of subcall function 004E82C8: ReleaseSRWLockExclusive.KERNEL32(005B2800,?,0047FE69,005C2A10), ref: 004E830D
                                      Strings
                                      • D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0), xrefs: 0040974E
                                      • BuildSecurityDescriptor, xrefs: 0040994C
                                      • LocalFree, xrefs: 004098FA
                                      • ConvertStringSecurityDescriptorToSecurityDescriptor, xrefs: 004098CF
                                      • ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc, xrefs: 004098BD, 0040993A
                                      • ..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc, xrefs: 004098E8
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ConditionMask$ExclusiveLock$AcquireCreateErrorFreeInfoLastLocalNamedPipeReleaseVerifyVersion
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)$LocalFree
                                      • API String ID: 2435325764-909682083
                                      • Opcode ID: 90bdeb7609654c299971bcd18adf0f368a12eaa92471071b9ad2240a9d07edd5
                                      • Instruction ID: dc83618f33562cb67b3267c73e4f83f16eeb0ac47483d0aea21f8d61ac5be93b
                                      • Opcode Fuzzy Hash: 90bdeb7609654c299971bcd18adf0f368a12eaa92471071b9ad2240a9d07edd5
                                      • Instruction Fuzzy Hash: 2D81F771A003059FEB249F65DC49FAA7BB8FF95700F00816AE80967392DB745E48CFA5
                                      APIs
                                      • GetCurrentProcessId.KERNEL32 ref: 0043C0BF
                                        • Part of subcall function 004A0030: GetLastError.KERNEL32 ref: 004A00AC
                                        • Part of subcall function 004A0030: SetLastError.KERNEL32(00000000), ref: 004A00BA
                                        • Part of subcall function 004A0030: SetLastError.KERNEL32(?), ref: 004A017B
                                        • Part of subcall function 0043C8B0: __aullrem.LIBCMT ref: 0043C909
                                        • Part of subcall function 0043C8B0: __aullrem.LIBCMT ref: 0043C950
                                        • Part of subcall function 0043C8B0: __aullrem.LIBCMT ref: 0043C994
                                      • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 0043C20A
                                      • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 0043C215
                                      • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 0043C220
                                      • SetUnhandledExceptionFilter.KERNEL32(00549C50,?,?,?,?,00000000,?,?), ref: 0043C24A
                                      • AddVectoredExceptionHandler.KERNEL32(00000001,0045B0D0,?,?,?,?,00000000,?,?), ref: 0043C259
                                        • Part of subcall function 00549540: _strlen.LIBCMT ref: 00549550
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CreateErrorEventLast__aullrem$Exception$CurrentFilterHandlerProcessUnhandledVectored_strlen
                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crashpad_client_win.cc$CreateNamedPipe$CreatePipe$CreateThread$\\.\pipe\crashpad_%lu_
                                      • API String ID: 2423010757-465946070
                                      • Opcode ID: 1b47f41a4414d588c67de5a98778204d2281bb2db0b98f598caae5ebd43e54b9
                                      • Instruction ID: 6f5fe8c87fb1ebe8cf2a8295d267a77be7976ced94dfb9c479504405d93ed1a7
                                      • Opcode Fuzzy Hash: 1b47f41a4414d588c67de5a98778204d2281bb2db0b98f598caae5ebd43e54b9
                                      • Instruction Fuzzy Hash: C712D1B0A00215DFDB10CF65C880B6ABBF5BF59304F1485AAE809BB352E735E985CF95
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004B9840
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B9863
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 004B9B51
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B9CC4
                                        • Part of subcall function 004775E0: _strlen.LIBCMT ref: 004775FF
                                      Strings
                                      • Histogram.TooManyBuckets.1000, xrefs: 004B9BD1
                                      • Histogram.BadConstructionArguments, xrefs: 004B9C33
                                      • Blink.UseCounter, xrefs: 004B9BE2
                                      • Histogram.MismatchedConstructionArguments, xrefs: 004B9C4B
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B9C19
                                      • T[, xrefs: 004B9BB6
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004B9C12
                                      • 0QQ, xrefs: 004B9772, 004B9B5C
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease$_strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$0QQ$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T[
                                      • API String ID: 1657474455-740844680
                                      • Opcode ID: 4b1df67f203709525d18bc38593aa5d5f5d53b7dc4525dc93982bbf152f5b262
                                      • Instruction ID: 557968516e71ea206c0c854bb83cf969ca617326af3a9d09ffa2c3df711a0ea0
                                      • Opcode Fuzzy Hash: 4b1df67f203709525d18bc38593aa5d5f5d53b7dc4525dc93982bbf152f5b262
                                      • Instruction Fuzzy Hash: F7F1E671A042009FDB14DF24D8816AABBF5FF89310F05852EFA869B351DB34EC05CBA6
                                      Strings
                                      • T[, xrefs: 004B1CEF
                                      • Histogram.TooManyBuckets.1000, xrefs: 004B1D11
                                      • Histogram.BadConstructionArguments, xrefs: 004B1DFC
                                      • Blink.UseCounter, xrefs: 004B1D22
                                      • Histogram.MismatchedConstructionArguments, xrefs: 004B1DD6
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B1E1F
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 004B1D56
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 004B1D4F
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000$T[
                                      • API String ID: 0-196588385
                                      • Opcode ID: a7fab4441d40ddcb622936c45d399a2d9158a3633beac3c69b66dacab4e4f57c
                                      • Instruction ID: 6eb117570019fafd064d43341a64753a4404917c852397ed0b3db53bb25cde2c
                                      • Opcode Fuzzy Hash: a7fab4441d40ddcb622936c45d399a2d9158a3633beac3c69b66dacab4e4f57c
                                      • Instruction Fuzzy Hash: 57C1F075A002049FCF14DFA5D8959EEBBB6FF48300F54402AE80667361DB39BD06CBA5
                                      APIs
                                      • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 003F26B9
                                      • GetLastError.KERNEL32 ref: 003F26CA
                                      • SetLastError.KERNEL32(00000000), ref: 003F26F6
                                      • MapViewOfFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 003F2754
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorFileLast$CreateMappingView
                                      • String ID: ..\..\base\files\memory_mapped_file_win.cc$GetHandleVerifier$MapFileRegionToMemory$MapImageToMemory$ScopedBlockingCall
                                      • API String ID: 2231327692-1444722369
                                      • Opcode ID: 4848de25a102fdb458c0103d5c8d790aa2e46570d1d7556d6c4d2a968d10ee7f
                                      • Instruction ID: 6c2c27e746adf5bbea246a07ca0f6cf6719a1b549f4586413c6bf07f7cbd3aad
                                      • Opcode Fuzzy Hash: 4848de25a102fdb458c0103d5c8d790aa2e46570d1d7556d6c4d2a968d10ee7f
                                      • Instruction Fuzzy Hash: F2A1E071604304DFCB15DF20C84567BBBE5FF99310F14892DFA8697291DBB4A808CB92
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004B2818,?), ref: 0047280D
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004B2818,?), ref: 00472985
                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004B2818,?), ref: 00472BDF
                                      • __floor_pentium4.LIBCMT ref: 00472CE3
                                      Strings
                                      • )Y, xrefs: 00472C70
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00472C84
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00472C98
                                      • T[, xrefs: 00472C61
                                      • T[, xrefs: 00472C34
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$Release__floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$T[$T[$)Y
                                      • API String ID: 1376758062-1729069072
                                      • Opcode ID: 98e66b0adc33e5c617c0a8455082d77968840b6e27d60ff3ec830a6d9c8bac98
                                      • Instruction ID: 573a2eaab9072c6c8a8de4c1f0ca3b0b105844bd93dde952effe8c49f24dde6c
                                      • Opcode Fuzzy Hash: 98e66b0adc33e5c617c0a8455082d77968840b6e27d60ff3ec830a6d9c8bac98
                                      • Instruction Fuzzy Hash: 5AF1C470A046058FCB14DF69C6816AEB7F2BF99300F19C62AD44AE7344D779AC81CB95
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004B23D8,?,003F9152,?), ref: 003F91BB
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004B23D8,?,003F9152), ref: 003F91C5
                                      • SetLastError.KERNEL32(?,?,?,000000FF,?,00000000), ref: 003F93FD
                                      • OutputDebugStringA.KERNEL32(?,?,?,000000FF,?,00000000), ref: 003F94DB
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 003F94A2
                                      • LOG_FATAL, xrefs: 003F96C7
                                      • ..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 003F94A9
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 003F969E
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 003F9694
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$DebugOutputString
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$LOG_FATAL
                                      APIs
                                        • Part of subcall function 00549A70: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00549AA7
                                      • SetUnhandledExceptionFilter.KERNEL32(0053B8F0,?,?,?,?,?,?,00000001,00000000,?,--no-periodic-tasks,?,?,?), ref: 0053B489
                                      Strings
                                      • --no-rate-limit, xrefs: 0053B5D7
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 0053B8BA
                                      • --monitor-self-argument=--monitor-self is not supported, xrefs: 0053B451
                                      • ..\..\third_party\crashpad\crashpad\handler\handler_main.cc, xrefs: 0053B43F
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 0053B8B3
                                      • --monitor-self-annotation=%s=%s, xrefs: 0053B7C4
                                      • --no-periodic-tasks, xrefs: 0053B55C
                                      • --no-upload-gzip, xrefs: 0053B62A
                                      • --no-identify-client-via-url, xrefs: 0053B512
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExceptionFileFilterModuleNameUnhandled
                                      • String ID: --monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$..\..\third_party\crashpad\crashpad\handler\handler_main.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                      Strings
                                      • xr_compositing, xrefs: 0040301A
                                      • icon_reader, xrefs: 0040304F
                                      • screen_ai, xrefs: 00403088
                                      • no-sandbox, xrefs: 00402DD8
                                      • disable-gpu-sandbox, xrefs: 00402FA4
                                      • nacl-loader, xrefs: 004031E7
                                      • pdf_conversion, xrefs: 0040302E
                                      • print_backend, xrefs: 00403066
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00402FBA
                                      • service-sandbox-type, xrefs: 00402E5C
                                      • gpu-process, xrefs: 00402F8C
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00402FC1
                                      • type, xrefs: 00402DFC
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$disable-gpu-sandbox$gpu-process$icon_reader$nacl-loader$no-sandbox$pdf_conversion$print_backend$screen_ai$service-sandbox-type$type$xr_compositing
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,004777EB,00000000,00000000), ref: 00472DDD
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,004777EB,00000000,00000000), ref: 00473059
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,004777EB,00000000,00000000), ref: 004730A9
                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,004777EB,00000000,00000000), ref: 004730D3
                                      • __floor_pentium4.LIBCMT ref: 0047310E
                                      • __floor_pentium4.LIBCMT ref: 00473412
                                      Strings
                                      • T[, xrefs: 0047334D
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004733A1
                                      • T[, xrefs: 0047337B
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease__floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$T[$T[
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 0047C98D
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047CA68
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047CAB6
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 0047CBF3
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 0047CC2C
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,FFFFFFFF,00000000), ref: 0047CCDE
                                        • Part of subcall function 003FD400: TlsSetValue.KERNEL32(00000000,00000000,00000348,00000000,00000000,00000000,?,?,003FD91D), ref: 003FD485
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease$Value
                                      • String ID: first$second
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004B6354
                                      • GetCurrentThreadId.KERNEL32 ref: 004B6365
                                      • GetCurrentThreadId.KERNEL32 ref: 004B6376
                                      • GetCurrentThreadId.KERNEL32 ref: 004B6387
                                      • GetCurrentThreadId.KERNEL32 ref: 004B63B1
                                      • GetCurrentThreadId.KERNEL32 ref: 004B63C2
                                      • GetCurrentThreadId.KERNEL32 ref: 004B63D3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CurrentThread
                                      • String ID: delayed$immediate
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 0043F8D8
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0043F8E6
                                      • T[, xrefs: 0043F8AA
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0043F8DF
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$T[
                                      APIs
                                      • FormatMessageW.KERNEL32(00001300,00000000,00531859,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 005315FB
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00531859,?,?), ref: 00531605
                                        • Part of subcall function 004A0030: GetLastError.KERNEL32 ref: 004A00AC
                                        • Part of subcall function 004A0030: SetLastError.KERNEL32(00000000), ref: 004A00BA
                                        • Part of subcall function 004A0030: SetLastError.KERNEL32(?), ref: 004A017B
                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00531662
                                      Strings
                                      • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 0053160D
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 0053176E
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00531775
                                      • (0x%lX), xrefs: 00531673
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0053177C
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FormatFreeLocalMessage
                                      • String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
                                      APIs
                                      • GetCurrentThread.KERNEL32 ref: 003FD046
                                      • GetThreadPriority.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 003FD049
                                      • GetCurrentThread.KERNEL32 ref: 003FD053
                                      • SetThreadPriority.KERNEL32(00000000,00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003FD058
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 003FD0B6
                                      • GetCurrentThread.KERNEL32 ref: 003FD0C1
                                      • SetThreadPriority.KERNEL32(00000000,?), ref: 003FD0CC
                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 003FD0DA
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 003FD1D4
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
                                      • String ID:
                                      • API String ID: 2845919953-0
                                      • Opcode ID: 5887f291eb7b11a005d0c5dc6537a1f7a2e2fac8fd860e50742ecc417babc901
                                      • Instruction ID: 503fd172732730bded65e06bd474ae2f9bddc95603d00048c443bc7f0f1a179d
                                      • Opcode Fuzzy Hash: 5887f291eb7b11a005d0c5dc6537a1f7a2e2fac8fd860e50742ecc417babc901
                                      • Instruction Fuzzy Hash: C651BD759047048FC342DF34EC4646ABBF4FFAA350F048B1EE98A63251EB31A849DB42
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 004B8E65
                                      • 0~K, xrefs: 004B871F, 004B887B, 004B872E, 004B8889
                                      • 0~K, xrefs: 004B89D5
                                      • ", xrefs: 004B8617
                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 004B8E5E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: "$..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$0~K$0~K
                                      • API String ID: 4218353326-4104460941
                                      • Opcode ID: b5aaddd266f17e291f175d352324d91c957f6eed383e54c0eb3616293a24389b
                                      • Instruction ID: 7e9732532755b3543a979a747c1430476343a160492e6fc52bff70f6ca6aac36
                                      • Opcode Fuzzy Hash: b5aaddd266f17e291f175d352324d91c957f6eed383e54c0eb3616293a24389b
                                      • Instruction Fuzzy Hash: 7A624B75E002099FCB14CF69D4809AEFBF6BF88314B29856EE419A7351DB34AC05CFA5
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 003FD6D0
                                      • ReleaseSRWLockExclusive.KERNEL32(00000002), ref: 003FD73F
                                        • Part of subcall function 00468000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00468047
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,AF000000,?,0054D674), ref: 003FD769
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 003FD9A2
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003FDA63
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: first$second
                                      • API String ID: 17069307-3095674784
                                      • Opcode ID: d5621c26f03d78e927139f3d2b8fc59329ba1b095c8f274545aa19cb0ab5d46e
                                      • Instruction ID: d322047ec1b624e63e8a81f856b713141415669c62b888cc5eb0bc0b79f04d4a
                                      • Opcode Fuzzy Hash: d5621c26f03d78e927139f3d2b8fc59329ba1b095c8f274545aa19cb0ab5d46e
                                      • Instruction Fuzzy Hash: 97F1D1756043059FD719DF24C888A2AB7E6FFC8324F15C92DF6998B2A2D730E849CB41
                                      APIs
                                      • K32GetPerformanceInfo.KERNEL32(00000000,00000038,00000000,00000000), ref: 0053BA5A
                                      • K32GetProcessMemoryInfo.KERNEL32(00000000,?,0000002C), ref: 0053BC23
                                      • GetProcessHandleCount.KERNEL32(00000000,?,00000000,?,0000002C), ref: 0053BC5E
                                        • Part of subcall function 00446E50: DeleteProcThreadAttributeList.KERNEL32(?,-00000008,?,0053BD42,?,?,00000008,00000010,?,?), ref: 00446E5E
                                      Strings
                                      • --monitor-self, xrefs: 0053B9CC
                                      • ..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector, xrefs: 0053BD01
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0053B9E4
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0053B9EB
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: InfoProcess$AttributeCountDeleteHandleListMemoryPerformanceProcThread
                                      • String ID: --monitor-self$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector
                                      • API String ID: 861771794-1135451261
                                      • Opcode ID: 6f1df207d6f476e62c1b15e11101c6d2c59894cce878477b2f2c519a30072ba5
                                      • Instruction ID: 005d8c86074ba429db61d221c904a41a76c5749bf24d32d5e46f05935815da65
                                      • Opcode Fuzzy Hash: 6f1df207d6f476e62c1b15e11101c6d2c59894cce878477b2f2c519a30072ba5
                                      • Instruction Fuzzy Hash: E8C1EF72E006149FDB24DF74D885AAABBA4BF85314F14426DE946EB352EB34ED00CB90
                                      APIs
                                      • __floor_pentium4.LIBCMT ref: 005108C1
                                      • GetStringTypeW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00511CA3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: StringType__floor_pentium4
                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                      • API String ID: 2638037228-2761157908
                                      • Opcode ID: 14fa290a81bf3c3991069088e716807d09f42146e68eda481c9fef5af477df6b
                                      • Instruction ID: bb0f8783c058cbcbb76a6a61c6a045e4cd6d5e77cff2fb8d9f40ff9b02100d52
                                      • Opcode Fuzzy Hash: 14fa290a81bf3c3991069088e716807d09f42146e68eda481c9fef5af477df6b
                                      • Instruction Fuzzy Hash: E2D22871E086298FEB64CE28DD407EABBB5FB44305F1445EAD50DA7280E778AEC18F45
                                      APIs
                                      Strings
                                      • %s (errno: %d, %s), xrefs: 004B849A
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004B84B0
                                      • PERFETTO_CHECK(false), xrefs: 004B8495
                                      • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h, xrefs: 004B8486
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: __floor_pentium4
                                      • String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h$PERFETTO_CHECK(false)
                                      • API String ID: 4168288129-2023842766
                                      • Opcode ID: bbc952acb7bda5436422230b88c7fdb2afb4266a490c2409b797f2023fb3a1e2
                                      • Instruction ID: c508db15d0ff049dfe43e2706382d45afa447d8d367743ea39065e55954f87bb
                                      • Opcode Fuzzy Hash: bbc952acb7bda5436422230b88c7fdb2afb4266a490c2409b797f2023fb3a1e2
                                      • Instruction Fuzzy Hash: D5726B71A046198FDB25CF64C8807EEB7B2BF88314F18856AD81AB7351DB34AD85CF64
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004B1F8D
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004B20A6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: T[$T[
                                      • API String ID: 17069307-580363808
                                      • Opcode ID: 9f3c1682465fe2849552032b855f7341ba07014aab1a53592bfcfc101342c180
                                      • Instruction ID: 41c278664a8681f6e1bf785ba1e87f94abb4a3328ec3733573cb495b72ac5b7a
                                      • Opcode Fuzzy Hash: 9f3c1682465fe2849552032b855f7341ba07014aab1a53592bfcfc101342c180
                                      • Instruction Fuzzy Hash: 0CF12631E002058BDB14CF64C9916FEB7B6BF95310F68812BE815AB351D778EC42CBA9
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 0048AC98
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 0048A973, 0048ACFE
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 0048A955, 0048AA01, 0048ACA9
                                      • ..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range, xrefs: 0048ACEF
                                      • ..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector, xrefs: 0048A964
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CurrentThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector$..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range
                                      • API String ID: 2882836952-3981179074
                                      • Opcode ID: 2fff10a40d789a7eef5bb74e056b1249a8b46cc55a905a3d0865ba8189e575b7
                                      • Instruction ID: 97545191afab13fb82bbc2a615f8d1c5e5a1057522c5f2b173561f4a0d58f8fd
                                      • Opcode Fuzzy Hash: 2fff10a40d789a7eef5bb74e056b1249a8b46cc55a905a3d0865ba8189e575b7
                                      • Instruction Fuzzy Hash: 9DD1F770B006068FDB24DF69C58066EBBF2FB88300B25892FD51697345EB74BC51CB96
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 004283FD
                                      • GenuineIntel, xrefs: 00428259
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0042840B
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00428404
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$GenuineIntel
                                      • API String ID: 4218353326-3642438641
                                      • Opcode ID: 543d9146790f6cb497a327272fa65c7923820b04e602a2614862a9ac4f2d9484
                                      • Instruction ID: 199cd1e738c74fa892b750e66a4e29808bba3a949146e299f240d2c9df346d02
                                      • Opcode Fuzzy Hash: 543d9146790f6cb497a327272fa65c7923820b04e602a2614862a9ac4f2d9484
                                      • Instruction Fuzzy Hash: 20B12571E057568FDB18CF69D4403AEBBF0AF28304F04492ED846E7782DA39E905CB58
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 004B2CA0
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B2C61
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B2C91
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004B2C70
                                      • 1U!S, xrefs: 004B28EA
                                      • 1U!S, xrefs: 004B287A
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S
                                      • API String ID: 4218353326-3107453488
                                      • Opcode ID: 5a56454cf06c660d28fad6110f11e1e85e366a1c9896504b72cddee6dbd52489
                                      • Instruction ID: 5624a865fc9fde261a11bdaa743d0b26caf987f5f24672f37cff537acbc175e1
                                      • Opcode Fuzzy Hash: 5a56454cf06c660d28fad6110f11e1e85e366a1c9896504b72cddee6dbd52489
                                      • Instruction Fuzzy Hash: 5232C571E002158FDB14CF94DA90AEEBBB2FF85314F15811AD809AB345D778BC46CBA9
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 00413415
                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 0041341E
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 004135C9
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004133E3
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                      • API String ID: 135963836-2888085009
                                      • Opcode ID: ee4dfdc76a019ae352d7c29d7e919e36eb53d9a20b3cbfbd3bbfea74f5f864ba
                                      • Instruction ID: e78f4bb495793ddd68bc2c69de7ba2a90fca2283196c3e411838758ce4e940e1
                                      • Opcode Fuzzy Hash: ee4dfdc76a019ae352d7c29d7e919e36eb53d9a20b3cbfbd3bbfea74f5f864ba
                                      • Instruction Fuzzy Hash: A0C1D571B00204AFCB14CF59D8809AEB7F6BF95711B28856EE409DB301DB34EE81CB59
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004B77DE
                                      • )Y, xrefs: 004B77CA
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: __floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$)Y
                                      • API String ID: 4168288129-2712837917
                                      • Opcode ID: edac901c07fea6585a3dde9b1dd4de8b2256ee3009cc3483cb6715897f8a3100
                                      • Instruction ID: 213454022d4be723372d64e03d6c77fa5888d12f78fc7d186c006c78917070a7
                                      • Opcode Fuzzy Hash: edac901c07fea6585a3dde9b1dd4de8b2256ee3009cc3483cb6715897f8a3100
                                      • Instruction Fuzzy Hash: 4AD1A570B186098FCB14DF69C4915AEB7F2BFD9310B18C62ED446E7744DB34AC828B65
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
                                      • Instruction ID: b894df8bce5686de42ad4b9e5b4cb6329d25cc8dd918c4106eb953e999176b20
                                      • Opcode Fuzzy Hash: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
                                      • Instruction Fuzzy Hash: 79022C71E01219DBDF14CFA9C9806AEBBF1FF88314F24826AD619E7350D735A941CB94
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: 0$0
                                      • API String ID: 4218353326-203156872
                                      • Opcode ID: b221b977d78d0ce036acec3cd46a27470233b438c1e48574f83634e54a066d98
                                      • Instruction ID: 42aafbd667622b9729f93f2a7755239e86657a7c875e6cc8986e068a371ee458
                                      • Opcode Fuzzy Hash: b221b977d78d0ce036acec3cd46a27470233b438c1e48574f83634e54a066d98
                                      • Instruction Fuzzy Hash: 5532EF79908745CFC720CF29C481A67B7E5FF99304F248A1EE8958B321E775E806CB86
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004852E7
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: __floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                      • API String ID: 4168288129-2888085009
                                      • Opcode ID: ea694becfe158aaaadba68703f7a9ef34cf2e4cb567cd76177f48016f72d14fa
                                      • Instruction ID: 81f36cfa2c85938dd8a88722c2b672ffeec794a7ab46bda20518874f433d017b
                                      • Opcode Fuzzy Hash: ea694becfe158aaaadba68703f7a9ef34cf2e4cb567cd76177f48016f72d14fa
                                      • Instruction Fuzzy Hash: 0212E431B04A058FCB18EF69C4906AEF7F2BF99350B18896BD446EB350EB35AC41CB55
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00414632
                                      • `RD, xrefs: 004145A4, 00414604, 00414690
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$`RD
                                      • API String ID: 4218353326-483016761
                                      • Opcode ID: 3fb8d5bb4102deece4d7db961d25312fef2a1005d5a71ef38afc6603e0396603
                                      • Instruction ID: 41b47593ec75e5c3bb27bc316a2a94fa68228997316b5adfe317252c52c7e47e
                                      • Opcode Fuzzy Hash: 3fb8d5bb4102deece4d7db961d25312fef2a1005d5a71ef38afc6603e0396603
                                      • Instruction Fuzzy Hash: 2A4194B0D003055FD744DF29A84596BBBF4FF99318B10863FF849AB302EB74A9448B94
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00425E22
                                      • null, xrefs: 00425DFF
                                      • true, xrefs: 00425DB3
                                      • false, xrefs: 00425DB8, 00425DC8
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ___std_exception_destroy
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$false$null$true
                                      • API String ID: 4194217158-3559124831
                                      • Opcode ID: b7bf8bc51dcb8356a5b7d26dc7f7a0a848bd7f1f239c6afb6099bd7cc303ddb9
                                      • Instruction ID: 5e06bd764bcee1def5b36b40f26c4d07615c72274ca28bff2a4bc35b9e643b3a
                                      • Opcode Fuzzy Hash: b7bf8bc51dcb8356a5b7d26dc7f7a0a848bd7f1f239c6afb6099bd7cc303ddb9
                                      • Instruction Fuzzy Hash: D7519070B006258FDB10DF25E849BEE7BA0EF91304F94842EE5479B392D638E905C7A6
                                      APIs
                                      • GetVersionExW.KERNEL32(?), ref: 004B3B9D
                                      • GetProductInfo.KERNEL32(?,?,00000000,00000000,?), ref: 004B3BB4
                                        • Part of subcall function 004E82C8: AcquireSRWLockExclusive.KERNEL32(005B2800,000000C0,?,?,0047FE69,005C2A10), ref: 004E82D3
                                        • Part of subcall function 004E82C8: ReleaseSRWLockExclusive.KERNEL32(005B2800,?,0047FE69,005C2A10), ref: 004E830D
                                      • GetNativeSystemInfo.KERNEL32(005B440C), ref: 004B3C41
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveInfoLock$AcquireNativeProductReleaseSystemVersion
                                      • String ID:
                                      • API String ID: 1555125601-0
                                      • Opcode ID: 635d28e6e2af5b607a0586eb2c8024ce808a166b8eea2ef21e22f319a44d8ad0
                                      • Instruction ID: 240701c01936a0cfa0e9b36ad7705e7ba3035ed75e9ccf71152a31932d2e9d21
                                      • Opcode Fuzzy Hash: 635d28e6e2af5b607a0586eb2c8024ce808a166b8eea2ef21e22f319a44d8ad0
                                      • Instruction Fuzzy Hash: D53134719002008BCB20DF56FC86BA77B60FB59B19F04432AE90917382D7347969DF96
                                      APIs
                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0050502E
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00505038
                                      • UnhandledExceptionFilter.KERNEL32(-000002A3,?,?,?,?,?,?), ref: 00505045
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                      • String ID:
                                      • API String ID: 3906539128-0
                                      • Opcode ID: d124e0f9edab650e7cfbf6c4fbb58db02449040bd273b359000ebf548b675ab1
                                      • Instruction ID: 62eb64f5913dbe745d310eeb09c6773201cacc599fd000867bb319f3cf0a1108
                                      • Opcode Fuzzy Hash: d124e0f9edab650e7cfbf6c4fbb58db02449040bd273b359000ebf548b675ab1
                                      • Instruction Fuzzy Hash: BE31D27490122D9BCB21DF29D88978DBBB8BF18311F5041EAE41CA72A0EB749F858F44
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 004C0E74
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 004C0D9F
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 004C0D90
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                      • API String ID: 0-3267226576
                                      • Opcode ID: ff44960ef4cb7237b226b5dc1fc9c1ef4aca87f589524510a422bf1155a87b33
                                      • Instruction ID: 3ff8ecf22928a1170b0ea355ed9a54f0cde5a52e1942c08836c0488e0e835147
                                      • Opcode Fuzzy Hash: ff44960ef4cb7237b226b5dc1fc9c1ef4aca87f589524510a422bf1155a87b33
                                      • Instruction Fuzzy Hash: 4A120575A04256CFDF54CF58C891BAEBBA1FF85300F19826ED8456B342C738A942CBD5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$<?$<?
                                      • API String ID: 0-2182325978
                                      • Opcode ID: 6c16bdc6a02335402121b435c3e5969f548647e27f357968772e7b86f8edf311
                                      • Instruction ID: 714d3ee7090a1fd39d0550f659ec6d45629374533325e23df0147f748f3b2dd6
                                      • Opcode Fuzzy Hash: 6c16bdc6a02335402121b435c3e5969f548647e27f357968772e7b86f8edf311
                                      • Instruction Fuzzy Hash: 67E11776A083119FCB18DF19C1C0A5AF7E2BB88320F1A8A6ED89957355C734FC45CB96
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 004B3237
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                      • API String ID: 4218353326-3542035028
                                      • Opcode ID: 6e36b0aed8c217e4ac7018550710e48c9090599615a47e1359cb570423e6b0fb
                                      • Instruction ID: fed3530adb29a5b7f4320173ffc97b41bff517be5b7f5f909237afd88e5b4f6f
                                      • Opcode Fuzzy Hash: 6e36b0aed8c217e4ac7018550710e48c9090599615a47e1359cb570423e6b0fb
                                      • Instruction Fuzzy Hash: AAF11570A006058FDB14CF2AC8846A9BBF0FF59304F14465EE84A9F382E778F951CBA5
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00475C31
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                      • API String ID: 4218353326-3542035028
                                      • Opcode ID: 71f4977bb6e331c6f70d3d9fe856e27be8fe208431061d90865930359379d3f5
                                      • Instruction ID: b6aa4d31480f961d30567c12b74a148f29da24e1e9be697d07e0ba9c66e47526
                                      • Opcode Fuzzy Hash: 71f4977bb6e331c6f70d3d9fe856e27be8fe208431061d90865930359379d3f5
                                      • Instruction Fuzzy Hash: 13F1C4B0A00A058FDB14CF28D8856AAB7B1FF59304F15866EE8499F341E774F851CB95
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00485AE8
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00485AE1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                      • API String ID: 4218353326-2500828650
                                      • Opcode ID: b64379b5d5d69e6f31ca5e3a2fbeb40b29d67fdad71f22bc0b9a444aa99bd2db
                                      • Instruction ID: b028f6a5f190a275d747fb9ce5377acdfbf6a536a7a8bef69f7eb6742569fc34
                                      • Opcode Fuzzy Hash: b64379b5d5d69e6f31ca5e3a2fbeb40b29d67fdad71f22bc0b9a444aa99bd2db
                                      • Instruction Fuzzy Hash: C7120771A00A558FDB04EF14C8806BE7BB2BF94314F29C96BD8569B391D739E902CB94
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 004792C2
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004792B3
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                      • API String ID: 0-1100549160
                                      • Opcode ID: e0b2ae380ffc24e3da58f8b77d6cbd54c67bcc91980e7c089c8bad1abeebb3be
                                      • Instruction ID: dd845605d390c64b3049042d602925dc64bd17250136c69b77a515cded6b2128
                                      • Opcode Fuzzy Hash: e0b2ae380ffc24e3da58f8b77d6cbd54c67bcc91980e7c089c8bad1abeebb3be
                                      • Instruction Fuzzy Hash: E2D14A75A083119FC714CF18C48065ABBE2BFC8324F16CA6EE9996B351C775EC45CB86
                                      Strings
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 0049C328
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 0049C319
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                      • API String ID: 0-112411280
                                      • Opcode ID: 290ccf01560a1b6226f740d1fe60ae20cc45a925049e19acfaf8889927a64d6d
                                      • Instruction ID: 351c69e374c98a9b87d0f017eff70d0e9c9ea69eb9a18cf80489ebb2546a88d2
                                      • Opcode Fuzzy Hash: 290ccf01560a1b6226f740d1fe60ae20cc45a925049e19acfaf8889927a64d6d
                                      • Instruction Fuzzy Hash: C7C11330E147558FD7168F39C89126AFBA1BFDA354F06C32FE98577651E73098828B84
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: __next_prime overflow
                                      • API String ID: 0-822664188
                                      • Opcode ID: 225c86eb3c92e5074dcef6e8e3c02c613d453310f221e87a2c5b586db20c3136
                                      • Instruction ID: def446df5fe2ee26d474fd4e1696ffa48e4907cb7c65811540f147549b16a1d8
                                      • Opcode Fuzzy Hash: 225c86eb3c92e5074dcef6e8e3c02c613d453310f221e87a2c5b586db20c3136
                                      • Instruction Fuzzy Hash: 7B227A31B001274B8F1CCA2DCCE15AEB297EBD9245B29C57BD40AD7355FE34DC4A82A8
                                      APIs
                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0050ED00,?,?,00000008,?,?,005126ED,00000000), ref: 0050EFD2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExceptionRaise
                                      • String ID:
                                      • API String ID: 3997070919-0
                                      • Opcode ID: 6a5168733e579d53ed5304e4054b615f231c306aa6dc602f7502a9e8ff538e60
                                      • Instruction ID: c7650d1336695b062b64ebdfe1dd3f7ff8ab50cee63cadf2671b25e6087b113b
                                      • Opcode Fuzzy Hash: 6a5168733e579d53ed5304e4054b615f231c306aa6dc602f7502a9e8ff538e60
                                      • Instruction Fuzzy Hash: AEB12D316106099FD725CF28C49AB697FE0FF45364F258A58E99ACF2E2C335E991CB40
                                      Strings
                                      • ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004CAC35
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
                                      • API String ID: 0-1033426729
                                      • Opcode ID: 08d358532565cfb3700c8f7c45c86b2f947c656fe29b41a5ef0221ee1b68315e
                                      • Instruction ID: 5735d4ded80e18b8a4e7ab81d4bf683a42142df1ed339ec5511ed4e621ee0299
                                      • Opcode Fuzzy Hash: 08d358532565cfb3700c8f7c45c86b2f947c656fe29b41a5ef0221ee1b68315e
                                      • Instruction Fuzzy Hash: 18C1C939B0021D8FCBB4DE58C4C4F7E72A2BF84318B2A456FC5255B391D6399C62C69B
                                      Strings
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00476C73
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                      • API String ID: 0-2233721302
                                      • Opcode ID: fb1517ff75bd93db3a981a7b100455165d3ddb7df88ce2a1cf2b09d3da62be1d
                                      • Instruction ID: 64c1667b6f2ec4d5336aa6f4b96163b11773e9fe0cd565c5414deea213140da4
                                      • Opcode Fuzzy Hash: fb1517ff75bd93db3a981a7b100455165d3ddb7df88ce2a1cf2b09d3da62be1d
                                      • Instruction Fuzzy Hash: 47D1E675600B018FC724CF29C580A56B7F2FF98310B66CA6ED99A8BB15D774F845CB84
                                      Strings
                                      • ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 004B5DF2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
                                      • API String ID: 0-2233721302
                                      • Opcode ID: 45990fdb8fb85a7f7acb2e120965ddaab0c6ffabc27111aaccdbcb9a3ab8c071
                                      • Instruction ID: ef673b284ce63221bd612a6d1523fa88df0456810dee1924c92466ae0b58b285
                                      • Opcode Fuzzy Hash: 45990fdb8fb85a7f7acb2e120965ddaab0c6ffabc27111aaccdbcb9a3ab8c071
                                      • Instruction Fuzzy Hash: 45D12A75A087119FC714DF18C48065AFBE2FF88324F1A895EE899AB311D774EC42CB92
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value, xrefs: 00478C6A
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value
                                      • API String ID: 0-3475978879
                                      • Opcode ID: 7cbccaea67234451fdcf304894dbe674d1178591d82097be280523748edbdddd
                                      • Instruction ID: d0249cd7129bd0946b91fcf2ef4cdc68ea646d7b072c58ddee981eedc69f02cf
                                      • Opcode Fuzzy Hash: 7cbccaea67234451fdcf304894dbe674d1178591d82097be280523748edbdddd
                                      • Instruction Fuzzy Hash: C1A115746083019FC718CF29C0949ABB7E2BFD8344F14C92EE58A57761DB34E986CB56
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID:
                                      • String ID: @Q
                                      • API String ID: 0-136624891
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 003FC78F
                                      Similarity
                                      • API ID:
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                      • API String ID: 0-2888085009
                                      APIs
                                      • GetLastError.KERNEL32 ref: 00471042
                                      • SetLastError.KERNEL32(00000000), ref: 0047104B
                                      • SetLastError.KERNEL32(00000000), ref: 0047105C
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00471109
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00471165
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004711FA
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00471238
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 00471250
                                      • __floor_pentium4.LIBCMT ref: 0047135C
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00471450
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 0047146F
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 0047148B
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00471509
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00471571
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 004714C4
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
                                      • API String ID: 739387787-2004180939
                                      APIs
                                      • GetLastError.KERNEL32 ref: 004A03A6
                                      • SetLastError.KERNEL32(00000000), ref: 004A03B0
                                      • SetLastError.KERNEL32(00000000), ref: 004A03C1
                                      • TryAcquireSRWLockExclusive.KERNEL32(0000055F), ref: 004A046E
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004A04CA
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004A055F
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A059D
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 004A05B5
                                      • __floor_pentium4.LIBCMT ref: 004A06C1
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004A07B5
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004A07D4
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 004A07F0
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A086E
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004A08D6
                                      Strings
                                      • ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 004A0829
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
                                      • String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
                                      • API String ID: 739387787-2004180939
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: __aullrem$AddressLibraryLoadProc
                                      • String ID:
                                      • API String ID: 3725045012-0
                                      • Opcode ID: bcd7e1c1a49682730986a0961e103213fe376da248b6ca499008600bc83b5787
                                      • Instruction ID: 7342b9fae65e42b304443e07c7899442b8ad78c173a68d1c9077dab0d8feead4
                                      • Opcode Fuzzy Hash: bcd7e1c1a49682730986a0961e103213fe376da248b6ca499008600bc83b5787
                                      • Instruction Fuzzy Hash: A7D1B7B4B043007BDA04AB69CD86F6F7BDAAFD8B05F40891DF1889B2C2DA759C04D756
                                      APIs
                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,chrome.dll,0000000A,?,00000021,?,chrome.dll,0000000A,?,126.0.6478.183,0000000E,?,?,00000004), ref: 004024E1
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008,no-pre-read-main-dll,?,?,00000004), ref: 00402537
                                      • SetProcessShutdownParameters.KERNEL32(0000027F,00000001,?,?,00000004), ref: 00402561
                                      • GetProcAddress.KERNEL32(?,ChromeMain), ref: 0040258D
                                        • Part of subcall function 004028B0: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402658), ref: 0040292B
                                        • Part of subcall function 004028B0: PrefetchVirtualMemory.KERNEL32(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00402937
                                      • GetInstallDetailsPayload.CHROME_ELF(00000004), ref: 00402660
                                      Strings
                                      Similarity
                                      • API ID: CurrentProcess$AddressDetailsDirectoryInstallLibraryLoadMemoryParametersPayloadPrefetchProcShutdownVirtual
                                      • String ID: ..\..\chrome\app\main_dll_loader_win.cc$126.0.6478.183$Cannot find module $ChromeMain$Failed to load Chrome DLL from $chrome.dll$no-pre-read-main-dll$type
                                      • API String ID: 1824951502-3802372930
                                      • Opcode ID: b87d4f23f6157fc6ad2b7fb5f8032d84d0699254465de248ccf053409b327236
                                      • Instruction ID: 29916cd4f9ef6bdd50335195cbd131bc7f06712ce5c03867ba8dd1e974ad080f
                                      • Opcode Fuzzy Hash: b87d4f23f6157fc6ad2b7fb5f8032d84d0699254465de248ccf053409b327236
                                      • Instruction Fuzzy Hash: 36B1F470E002659BEF20DF20DD49BAEB775AF55304F0085AAE809772C1EBB85A89CF55
                                      APIs
                                      • GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,005178B9,?), ref: 00434BF2
                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,005178B9,?), ref: 00434C1B
                                        • Part of subcall function 00434F20: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00434F82
                                        • Part of subcall function 00434F20: GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00434FAE
                                        • Part of subcall function 00434F20: GetUserDefaultLangID.KERNEL32 ref: 00434FB7
                                        • Part of subcall function 00434F20: VerQueryValueW.VERSION(?,?,?,?), ref: 00435023
                                      Strings
                                      • Chrome, xrefs: 00434BB1
                                      • ProductShortName, xrefs: 00434D72
                                      • 0.0.0.0-devel, xrefs: 00434BBF
                                      • Official Build, xrefs: 00434CC8
                                      • SpecialBuild, xrefs: 00434DE5
                                      • extended, xrefs: 00434EF5
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00434EA5
                                      • ProductVersion, xrefs: 00434C46
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00434EAC
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00434E9E
                                      • -devel, xrefs: 00434EC0
                                      Similarity
                                      • API ID: DefaultFileInfoLangQueryUserValueVersion$Size
                                      • String ID: -devel$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$0.0.0.0-devel$Chrome$Official Build$ProductShortName$ProductVersion$SpecialBuild$extended
                                      • API String ID: 4255889946-2556447703
                                      • Opcode ID: baf34fd5b899b7972c32200952374545bec346a3a01cdacdc67651cc18631ecf
                                      • Instruction ID: 401b083621af895e912d684a68bf0ce14239258de2e91e1c266c8533afab48a4
                                      • Opcode Fuzzy Hash: baf34fd5b899b7972c32200952374545bec346a3a01cdacdc67651cc18631ecf
                                      • Instruction Fuzzy Hash: 22910770D002558BEF01CF65D842BEE7BB1BF98304F15901BE8057B296E779B984C75A
                                      APIs
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000008,00000010,?,?), ref: 00405299
                                      • GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 004052A9
                                      Strings
                                      • fallback-handler, xrefs: 004051DD
                                      • SetUnhandledExceptionFilter, xrefs: 004052A3
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 0040510F, 0040530B
                                      • test-child-process, xrefs: 004051F0, 00405320, 00405355
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0040537E
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00405108
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00405377
                                      • kernel32.dll, xrefs: 00405294
                                      • database, xrefs: 00405231
                                      • type, xrefs: 004051E4
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$SetUnhandledExceptionFilter$database$fallback-handler$kernel32.dll$test-child-process$type
                                      • API String ID: 1646373207-3386034524
                                      • Opcode ID: 68d03872a186cd55bd59a89ef2c63ab12ddec3ea688b57c21ff087319cbd9754
                                      • Instruction ID: f564c86e491e19f1a9ed978d69267336a94f25f3625b649c1228062babbfdb06
                                      • Opcode Fuzzy Hash: 68d03872a186cd55bd59a89ef2c63ab12ddec3ea688b57c21ff087319cbd9754
                                      • Instruction Fuzzy Hash: BBC10471E006059BDB10DFA1D885AAFBBB5EF54304F10813AE805BB291EB78A945CF99
                                      APIs
                                      • CreateFileW.KERNEL32 ref: 004093FB
                                      • SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000), ref: 00409416
                                      • TransactNamedPipe.KERNEL32(00000000,?,00000024,00408ED1,0000000C,?,00000000), ref: 00409439
                                      • GetLastError.KERNEL32 ref: 0040947D
                                      • WaitNamedPipeW.KERNEL32(?,000000FF), ref: 00409497
                                      Strings
                                      Similarity
                                      • API ID: NamedPipe$CreateErrorFileHandleLastStateTransactWait
                                      • String ID: , observed $..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
                                      • API String ID: 3582518244-2365249698
                                      • Opcode ID: 4db4493857f338871054987148b248e7ba9646cc94513ad307ba413d527d7bbd
                                      • Instruction ID: e9e5b7afdca1fdfbc485120d98769230e2d1f3af4230ef585e20c03f3ac1421c
                                      • Opcode Fuzzy Hash: 4db4493857f338871054987148b248e7ba9646cc94513ad307ba413d527d7bbd
                                      • Instruction Fuzzy Hash: 64510731700300AADF60AB619C0AF6F3B69BBC6704F044126F509762C3DBB45D49CF56
                                      APIs
                                      • LocalFree.KERNEL32(?), ref: 0042477B
                                      • CreateFileW.KERNEL32 ref: 00424841
                                      • GetLastError.KERNEL32 ref: 00424851
                                      • SetLastError.KERNEL32(00000000), ref: 00424868
                                      • GetModuleHandleW.KERNEL32(00000000,00000000,00000004,00000004), ref: 00424987
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00424993
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$AddressCreateFileFreeHandleLocalModuleProc
                                      • String ID: ..\..\base\win\security_util.cc$AddACEToPath$GetHandleVerifier$ScopedBlockingCall
                                      • API String ID: 24226920-314747623
                                      • Opcode ID: ff054635c6ee95a23a84bdd6634a12a2d0be4f2d6dae7686489fc58523f4f6f6
                                      • Instruction ID: 8d1d875c6faf1bd62e59eb3a8c69adea6da5221848eaae44267a6680d49d2753
                                      • Opcode Fuzzy Hash: ff054635c6ee95a23a84bdd6634a12a2d0be4f2d6dae7686489fc58523f4f6f6
                                      • Instruction Fuzzy Hash: 6BB1F2B1B043609FD710EF24E88576BB7E4EFDA300F44491EF98597241E7389989CB96
                                      APIs
                                      • VerSetConditionMask.KERNEL32 ref: 0043C777
                                      • VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 0043C783
                                      • VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 0043C78A
                                      • VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 0043C7AE
                                      • InitializeCriticalSection.KERNEL32(0043C231,?,?,00000020,00000003,?,00000001,00000003), ref: 0043C858
                                        • Part of subcall function 004E82C8: AcquireSRWLockExclusive.KERNEL32(005B2800,000000C0,?,?,0047FE69,005C2A10), ref: 004E82D3
                                        • Part of subcall function 004E82C8: ReleaseSRWLockExclusive.KERNEL32(005B2800,?,0047FE69,005C2A10), ref: 004E830D
                                      • LoadLibraryW.KERNEL32(kernel32.dll,00000003), ref: 0043C7F4
                                      • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0043C804
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc, xrefs: 0043C882
                                      • InitializeCriticalSectionEx, xrefs: 0043C7FE
                                      • kernel32.dll, xrefs: 0043C7EF
                                      • InitializeCriticalSectionEx, xrefs: 0043C894
                                      Similarity
                                      • API ID: ConditionMask$ExclusiveLock$AcquireAddressCriticalInfoInitializeLibraryLoadProcReleaseSectionVerifyVersion
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc$InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
                                      • API String ID: 380373429-2219384513
                                      • Opcode ID: cb778f7d6a8354341e39dd0827f838fe577a7b19d2809a33de4ccf936f4ac22e
                                      • Instruction ID: 47501c9301c93c8b4493a85e2d17cc52ab266bb751e4081e0c113c6998b83b76
                                      • Opcode Fuzzy Hash: cb778f7d6a8354341e39dd0827f838fe577a7b19d2809a33de4ccf936f4ac22e
                                      • Instruction Fuzzy Hash: EC311C70A402046BD7107B61EC4AFFF77A8FF59705F044129F905672C2DB799A18CB95
                                      APIs
                                      • _strlen.LIBCMT ref: 003F3214
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F3361
                                      • _strlen.LIBCMT ref: 003F33F0
                                      • _strlen.LIBCMT ref: 003F3519
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F3601
                                      Strings
                                      • Other, xrefs: 003F324B, 003F364B
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 003F367C
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 003F366D
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 003F365A
                                      • d, xrefs: 003F35D3
                                      Similarity
                                      • API ID: _strlen$Unothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Other$d
                                      • API String ID: 3295101305-4285599685
                                      • Opcode ID: c64530bc6663f47c4dd930f215a4fd923053bc16d5c2b219285678e357d425df
                                      • Instruction ID: de7cc3b4b463e1e4fd17adbd7e7f8ec236ae3fff4ae40a74888be7cde1842312
                                      • Opcode Fuzzy Hash: c64530bc6663f47c4dd930f215a4fd923053bc16d5c2b219285678e357d425df
                                      • Instruction Fuzzy Hash: 32D1C171A087419FC705DF29C84062FBBE5BFC5710F148A2EF99997390EB74DA048B82
                                      APIs
                                      • _strlen.LIBCMT ref: 004775FF
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,004B1938,Histogram.MismatchedConstructionArguments,00000000,00591384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 0047773F
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,004B1938,Histogram.MismatchedConstructionArguments,00000000,00591384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00477762
                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,004B1938,Histogram.MismatchedConstructionArguments,00000000,00591384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00477855
                                      • ReleaseSRWLockExclusive.KERNEL32(7FFFFFF7,?,7FFFFFF7,?,7FFFFFF7,?,004B1938,Histogram.MismatchedConstructionArguments,00000000,00591384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 004778D4
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0047788B
                                      • T[, xrefs: 0047787B
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 004778A0
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00477899
                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00477892
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease$_strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$T[
                                      • API String ID: 1657474455-1189913313
                                      APIs
                                      • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091D1
                                      • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091D9
                                      • UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00408DC9), ref: 004091E2
                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,00408DC9), ref: 00409200
                                      • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 0040922E
                                      • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 00409258
                                      • CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00408DC9), ref: 00409282
                                      Strings
                                      Similarity
                                      • API ID: CloseHandle$UnregisterWait
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                      • API String ID: 1214919099-1704384866
                                      APIs
                                      • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00434F82
                                      • GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00434FAE
                                      • GetUserDefaultLangID.KERNEL32 ref: 00434FB7
                                      • VerQueryValueW.VERSION(?,?,?,?), ref: 00435023
                                      • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004350A2
                                      • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043511E
                                      • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00435199
                                      Strings
                                      Similarity
                                      • API ID: QueryValue$DefaultLangUser
                                      • String ID: \StringFileInfo\%04hx%04hx\%ls$\VarFileInfo\Translation
                                      • API String ID: 2923350452-4158013653
                                      APIs
                                      • GetLastError.KERNEL32 ref: 00434007
                                      • DisconnectNamedPipe.KERNEL32(?), ref: 0043401C
                                      • ConnectNamedPipe.KERNEL32(?,00000000), ref: 00434023
                                      • CloseHandle.KERNEL32(?), ref: 0043404D
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00434084
                                      • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 004340DE
                                      • Free, xrefs: 00434089
                                      • CloseHandle, xrefs: 004340A6
                                      • ConnectNamedPipe, xrefs: 004340EA
                                      Similarity
                                      • API ID: NamedPipe$CloseConnectDisconnectErrorHandleLast
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$ConnectNamedPipe$Free
                                      • API String ID: 447347179-3091828373
                                      APIs
                                      • GetFileAttributesW.KERNEL32(00000000,?), ref: 00442683
                                      • GetLastError.KERNEL32 ref: 0044268E
                                      • DeleteFileW.KERNEL32(00000000), ref: 004426D7
                                      • RemoveDirectoryW.KERNEL32(00000000), ref: 004426E4
                                      • SetLastError.KERNEL32(000000A1), ref: 0044270C
                                      • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 004427B6
                                      Strings
                                      Similarity
                                      • API ID: File$AttributesErrorLast$DeleteDirectoryRemove
                                      • String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile$ScopedBlockingCall
                                      • API String ID: 3447957730-1263771705
                                      APIs
                                        • Part of subcall function 003F2130: GetCurrentThreadId.KERNEL32 ref: 003F2145
                                        • Part of subcall function 003F2130: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,003F1E30,?,?,003F1FBD,003F1E30,?,?,003F1E30), ref: 003F214F
                                      • GetCurrentThread.KERNEL32 ref: 003F2026
                                      • IsDebuggerPresent.KERNEL32(003F1E30,?,?,003F1E30,?), ref: 003F204E
                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,003F1E30,?,?,003F1E30,?), ref: 003F208D
                                      • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 003F2099
                                      • GetCurrentThreadId.KERNEL32 ref: 003F2105
                                      Strings
                                      • Kernel32.dll, xrefs: 003F2088
                                      • SetThreadDescription, xrefs: 003F2093
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 003F20EC
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 003F20E5
                                      Similarity
                                      • API ID: CurrentThread$AcquireAddressDebuggerExclusiveHandleLockModulePresentProc
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Kernel32.dll$SetThreadDescription
                                      • API String ID: 2807427228-2817593401
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 004002A5
                                      • WakeAllConditionVariable.KERNEL32(?,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 004002B7
                                      • ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 004002BE
                                      • TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 004002C5
                                      • ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 004002EF
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 00400336
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 0040034D
                                      • AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 00400359
                                      • AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 00400365
                                      • AcquireSRWLockExclusive.KERNEL32(?,?,003FBCE8,?,?,?,?,?,?,?,?), ref: 00400421
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
                                      • String ID:
                                      • API String ID: 2824607059-0
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 003F2F97
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F2FDA
                                      • GetCurrentThreadId.KERNEL32 ref: 003F30E8
                                      • GetCurrentThreadId.KERNEL32 ref: 003F30F7
                                      • GetCurrentThreadId.KERNEL32 ref: 003F3104
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F3133
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F31A4
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 003F2F1A
                                      Similarity
                                      • API ID: CurrentThreadUnothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                      • API String ID: 1687741313-4189810390
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004683E2
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004683EE
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 00468425
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00468431
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                      • API String ID: 1646373207-3663164917
                                      APIs
                                      • CreateEventW.KERNEL32 ref: 0040852C
                                      • CreateEventW.KERNEL32 ref: 00408580
                                      • CreateThread.KERNEL32(00000000,00000000,0045BD20,00000000,00000000,00000000), ref: 004085C9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: Create$Event$Thread
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\thread\thread_win.cc$..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.cc$CreateEvent$CreateThread$Start
                                      APIs
                                      • Sleep.KERNEL32(00000000,?,000F4240), ref: 004B333B
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004B3364
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004B33A7
                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 004B342F
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004B346F
                                      Similarity
                                      • API ID: CounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Sleep
                                      APIs
                                      • GetCurrentProcess.KERNEL32(crashpad-handler,?,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 0052E542
                                      • TerminateProcess.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 0052E54A
                                      • GetCurrentProcess.KERNEL32 ref: 0052E566
                                      • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 0052E572
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,005179B4), ref: 0052E58E
                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,005179B4), ref: 0052E59E
                                      • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 0052E5AA
                                      • GetCurrentProcess.KERNEL32 ref: 0052E5C9
                                      • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 0052E5D4
                                      Similarity
                                      • API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
                                      APIs
                                      • RegisterWaitForSingleObject.KERNEL32(00000000,?,005494F0,00000000,000000FF,00000000), ref: 00434990
                                      • RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 004349B6
                                      • RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 004349D8
                                        • Part of subcall function 0045BC60: CloseHandle.KERNEL32(004085FC,?,00000000,00000000,?,004085FC,00000000), ref: 0045BC77
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00434AB9, 00434B0A, 00434B57
                                      • RegisterWaitForSingleObject crash dump requested, xrefs: 00434ACB
                                      • RegisterWaitForSingleObject non-crash dump requested, xrefs: 00434B1C
                                      • RegisterWaitForSingleObject process end, xrefs: 00434B69
                                      Similarity
                                      • API ID: ObjectRegisterSingleWait$CloseHandle
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: has duplicate key $ requires KEY=VALUE$, discarding value $..\..\third_party\crashpad\crashpad\handler\handler_main.cc$8q@
                                      APIs
                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,004E916B,004E933A,004E93A2), ref: 004E9107
                                      • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 004E911D
                                      • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 004E9132
                                      Strings
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: ,([$AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?), ref: 0053350B
                                        • Part of subcall function 00442B00: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00442B92
                                      • GetStartupInfoW.KERNEL32(?,00000000), ref: 005332DD
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 005335A1
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 005335A8
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 005335AF
                                      • source-shortcut, xrefs: 00533307
                                      Similarity
                                      • API ID: CurrentDirectoryErrorInfoLastStartup
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$source-shortcut
                                      APIs
                                      Similarity
                                      • API ID: _strrchr
                                      APIs
                                      • GetFileInformationByHandleEx.KERNEL32(?,00000002,00000000,00000210), ref: 00408975
                                      • TryAcquireSRWLockExclusive.KERNEL32(00000188,00000000,\\.\pipe,00000008,00000004,00000000), ref: 004089FF
                                        • Part of subcall function 00437C00: CloseHandle.KERNEL32(004083A6), ref: 00437C1A
                                        • Part of subcall function 004348E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,005494F0,00000000,000000FF,00000000), ref: 00434990
                                        • Part of subcall function 004348E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 004349B6
                                        • Part of subcall function 004348E0: RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 004349D8
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00408B36
                                      Strings
                                      • GetFileInformationByHandleEx, xrefs: 00408BE5
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00408B97
                                      • \\.\pipe, xrefs: 004089A5
                                      Similarity
                                      • API ID: ObjectRegisterSingleWait$ExclusiveHandleLock$AcquireCloseFileInformationRelease
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$GetFileInformationByHandleEx$\\.\pipe
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 004444A7
                                      • ..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr, xrefs: 004444AE
                                      • pc:%p, xrefs: 0044450C
                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 004444A0
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$pc:%p
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005C3488), ref: 003F4F2A
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003F4FBC
                                      • TryAcquireSRWLockExclusive.KERNEL32(005C348C), ref: 003F50BD
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003F50DB
                                      Strings
                                      • 2, xrefs: 003F5013
                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 003F507E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>$2
                                      • API String ID: 17069307-716612548
                                      • Opcode ID: 29425c11755bdb0dcabbdaeb5f25f20bb5ba222c055af20bcd76803b607cf033
                                      • Instruction ID: d6c7575e57baebb7b1022cf400043e18131a77f0b0d4b6a3bbb9dffe47b7ed31
                                      • Opcode Fuzzy Hash: 29425c11755bdb0dcabbdaeb5f25f20bb5ba222c055af20bcd76803b607cf033
                                      • Instruction Fuzzy Hash: 5851BC7090020A8FDB15CF65C484AEFBBB2FF89304F168219D9496B322DB35E846CF90
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004C491F
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004C492B
                                        • Part of subcall function 00518950: _strlen.LIBCMT ref: 00518A26
                                        • Part of subcall function 00518950: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00518A84
                                      Strings
                                      • %s (errno: %d, %s), xrefs: 004C49EB
                                      • PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 004C49E6
                                      • GetHandleVerifier, xrefs: 004C4925
                                      • ..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 004C49D7
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                      • String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")
                                      • API String ID: 1366465500-389051806
                                      • Opcode ID: 43e1ca7123e9174befe61d3456dc9c6d20605fc6bc1bf3750a26d37f3e08f528
                                      • Instruction ID: 062ba016ea4a7e8df710b1700f94d3a0962fb2a710e5beb85af9f872c9663769
                                      • Opcode Fuzzy Hash: 43e1ca7123e9174befe61d3456dc9c6d20605fc6bc1bf3750a26d37f3e08f528
                                      • Instruction Fuzzy Hash: AB51A878A00241AFD750AF20DD56FA77BA5FBD5300F18052EE4468B392DB38BC09CB66
                                      APIs
                                      • SetLastError.KERNEL32(00000057), ref: 003F9EC9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ..\..\base\files\file_win.cc$DoInitialize$ScopedBlockingCall
                                      • API String ID: 1452528299-1981113363
                                      • Opcode ID: e1f6f8a8b1bdb24ebceeca61b0437f05e9166ed277bcb2e3d2f2580718bfe25f
                                      • Instruction ID: a709e23e31cc772160180267d4b6cf41cbb199aed94a6952592df66567db61bd
                                      • Opcode Fuzzy Hash: e1f6f8a8b1bdb24ebceeca61b0437f05e9166ed277bcb2e3d2f2580718bfe25f
                                      • Instruction Fuzzy Hash: 1C5123B1A043059FDB11DF24D84676ABBE5FFE5300F14892EFA9687291D7389808DB92
                                      APIs
                                      • _ValidateLocalCookies.LIBCMT ref: 004EAC07
                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 004EAC0F
                                      • _ValidateLocalCookies.LIBCMT ref: 004EAC98
                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 004EACC3
                                      • _ValidateLocalCookies.LIBCMT ref: 004EAD18
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                      • String ID: csm
                                      • API String ID: 1170836740-1018135373
                                      • Opcode ID: d50df7a14cf7407995d30aa95f52b167e1334881eed7d5d83a5db9b32ea721a0
                                      • Instruction ID: 7e7ec4968acb41414ff53576d1a0e0c3027ee4099857f1430e20bfad64fd6f58
                                      • Opcode Fuzzy Hash: d50df7a14cf7407995d30aa95f52b167e1334881eed7d5d83a5db9b32ea721a0
                                      • Instruction Fuzzy Hash: 9E511530A002599FCF11DF6AC848AAE7FB5BF45315F248056EC156B392C738EE21CB86
                                      APIs
                                      • ReplaceFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004D890C
                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004D8916
                                      • MoveFileW.KERNEL32(?,?), ref: 004D8930
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: File$ErrorLastMoveReplace
                                      • String ID: ..\..\base\files\file_util_win.cc$ReplaceFileW$ScopedBlockingCall
                                      • API String ID: 3435996589-3571703075
                                      • Opcode ID: bde60451ec3875e3a92fa70f2102d4b92a8247df53c0e54a01f317ccb2749047
                                      • Instruction ID: 33f29b49a947db2eba76f4e18908d76fcedc8aa466448497853bde8d63c914f2
                                      • Opcode Fuzzy Hash: bde60451ec3875e3a92fa70f2102d4b92a8247df53c0e54a01f317ccb2749047
                                      • Instruction Fuzzy Hash: D65129B0A003405BD720AF24D8A177B77A4AF55714F44452FF9C59B342EB786944C79B
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr, xrefs: 0041FC16
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0041FC1D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr
                                      • API String ID: 1452528299-3564941561
                                      • Opcode ID: 0730faa739d36c1c6cfbf2f7abbd1dd500a11ca08668448468a5adf83da973da
                                      • Instruction ID: 4d1d9487a56f8a6097d3962f089043c436f50509b96bd9143dc683c0afeef1c2
                                      • Opcode Fuzzy Hash: 0730faa739d36c1c6cfbf2f7abbd1dd500a11ca08668448468a5adf83da973da
                                      • Instruction Fuzzy Hash: 254158716002095FC7105FA5D8845EF7BA8FF95324B24453BEC5543341EB39588AE7A6
                                      APIs
                                      • GetCurrentProcess.KERNEL32(0053E7C4), ref: 0053C8CE
                                      • IsWow64Process.KERNEL32(00000000,?), ref: 0053C8D6
                                        • Part of subcall function 004E4D10: VirtualFree.KERNEL32(?,0045B1C1,00004000,?,65449514,?,0053E7C4), ref: 004E4DD5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Process$CurrentFreeVirtualWow64
                                      • String ID: $ize$mit$size
                                      • API String ID: 1078977170-2684755539
                                      • Opcode ID: 3790e073d57f6679421c13fa91e096f99217021974f2d0895fe1b3751d0b7ab0
                                      • Instruction ID: 38e16297839a8e77fa9abdfade33aa216c73c2946f1ffcef96bb4a728c577cea
                                      • Opcode Fuzzy Hash: 3790e073d57f6679421c13fa91e096f99217021974f2d0895fe1b3751d0b7ab0
                                      • Instruction Fuzzy Hash: 5041D2B19003049FD7059F25D489AA6BBE8FF89318F1AC47EE4498B312E776D905CB91
                                      APIs
                                      • CreateDirectoryW.KERNEL32(00000004,00000000), ref: 0042E245
                                      • GetLastError.KERNEL32 ref: 0042E24F
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 0042E2B5
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0042E354
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0042E34D
                                      • CreateDirectory , xrefs: 0042E2C7
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CreateDirectoryErrorLast
                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateDirectory
                                      • API String ID: 1375471231-3193998906
                                      • Opcode ID: c4921618f5944bb56c606f62912a455389bf602c1cf43ed6092f9dea7b157888
                                      • Instruction ID: a9f30f388d45dc9df84497c01974e06e3dfbd94f8cfc0d862b1e9aa1b81829cd
                                      • Opcode Fuzzy Hash: c4921618f5944bb56c606f62912a455389bf602c1cf43ed6092f9dea7b157888
                                      • Instruction Fuzzy Hash: 31313D31B003349BDB10EA62BC46F6F7768AF45705F4404AAF90ADB242E7295D48876A
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000,00000000,00000000), ref: 004B0DEE
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004B0DFA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
                                      • API String ID: 1646373207-3663164917
                                      • Opcode ID: b92e1c3b2661f0f5f294c6a7c28ca2af71ca41298d44d6e5f77f4cf1a8469095
                                      • Instruction ID: 962cefc5b686c55e3b2232b340eaace7198afcfcd28ee5d685711e005bdb6a08
                                      • Opcode Fuzzy Hash: b92e1c3b2661f0f5f294c6a7c28ca2af71ca41298d44d6e5f77f4cf1a8469095
                                      • Instruction Fuzzy Hash: 183129716003409FD700AF64DC46BABB7E8FF9A301F104D1EF58697291E778A909CBA6
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 0053279B
                                      • FeatureList-feature-accessed-too-early, xrefs: 005327C9
                                      • true, xrefs: 00532729
                                      • false, xrefs: 0053272E, 00532763
                                      • FeatureList-early-access-allow-list, xrefs: 00532809
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$false$true
                                      • API String ID: 4218353326-219429426
                                      • Opcode ID: aa10d00adb577c7bc1ec265796f0fb9aaf56ecac1dff58eb6ed714fafb68d328
                                      • Instruction ID: 64bd5f3d648c27ec21aa18dbf0bea261e27da3f86a664c18a27ffab4a88bc8b9
                                      • Opcode Fuzzy Hash: aa10d00adb577c7bc1ec265796f0fb9aaf56ecac1dff58eb6ed714fafb68d328
                                      • Instruction Fuzzy Hash: 243104B0D00A049FDB20DF66EC46AAE7BA0FB95704F11022AE905172D2EB353D05CFA2
                                      APIs
                                      • GetCurrentProcess.KERNEL32(?,?,?,?,FFFFFFFF,00000000,?,00400EE9,?,?), ref: 0040216F
                                      • CreateEventW.KERNEL32 ref: 00402204
                                      • GetLastError.KERNEL32 ref: 0040221A
                                      • SetLastError.KERNEL32 ref: 0040223E
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00402277
                                      • ExitCodeWatcherThread, xrefs: 0040219D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$CreateCurrentEventProcess
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$ExitCodeWatcherThread
                                      • API String ID: 2886518480-2863599117
                                      • Opcode ID: 6ccff6dc600538011b50293320c79d0aa76302a3474a6f319ed6a2e4fd286aee
                                      • Instruction ID: ada167c3fe95cbd1af44f5157d8d3803a5f4a4584fed9cd4fa5b318f919d019c
                                      • Opcode Fuzzy Hash: 6ccff6dc600538011b50293320c79d0aa76302a3474a6f319ed6a2e4fd286aee
                                      • Instruction Fuzzy Hash: 0731B270904B458FD710AFB5D58836EBBF0FF55308F01892ED4869B281DBB89589CB86
                                      APIs
                                      • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,004B5F61,00000000,00000001,?,?,?,?,?,?), ref: 004B6411
                                      • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 004B6423
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 004B6443
                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 004B64A0
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004B64AC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressCreateEventHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 687412823-1090674830
                                      • Opcode ID: dccfb7c41d0ae453f6a07dfeaae5007f390262d99c9d87559291952f5bdc9989
                                      • Instruction ID: cf497dff09fd9ed16a063e2558c6072771c1e72deb39a6dc41f5f5d26ce9d427
                                      • Opcode Fuzzy Hash: dccfb7c41d0ae453f6a07dfeaae5007f390262d99c9d87559291952f5bdc9989
                                      • Instruction Fuzzy Hash: 4B21EF70A00300AFD720AF74DC89BAB7BA4FB15304F14482AE582C3250DB7C9848DB7A
                                      APIs
                                      • GetProcessId.KERNEL32(00000000,?,00591384,..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at,?,00000000,?,004049F2), ref: 00458D92
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00458D6C
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Process
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                      • API String ID: 1235230986-4189810390
                                      • Opcode ID: 0e2db6608d46953e1934815183b1b7ab47328a7d99224243529cdcf469e4442f
                                      • Instruction ID: 3ec89e20b62db5c744ea3041c95fd0115ad13b99727373509c65fd93a7ccd9dd
                                      • Opcode Fuzzy Hash: 0e2db6608d46953e1934815183b1b7ab47328a7d99224243529cdcf469e4442f
                                      • Instruction Fuzzy Hash: D021D4302002096BDB289665D80873737E59BA9312F18446EEE0ADBB92EE69EC4CC655
                                      APIs
                                      • GetThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040154B
                                      • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000001), ref: 004015CE
                                      • CloseHandle.KERNEL32(?), ref: 004015D9
                                      • GetLastError.KERNEL32 ref: 004015FE
                                      Strings
                                      • ..\..\base\threading\platform_thread_win.cc, xrefs: 0040159C
                                      • Join, xrefs: 004015A1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CloseErrorHandleLastObjectSingleThreadWait
                                      • String ID: ..\..\base\threading\platform_thread_win.cc$Join
                                      • API String ID: 813778123-1746769387
                                      • Opcode ID: f08d99ecad38c6c7b8dc3a29cdc580f65ccbdf29ae94e5f54a2be96175a3d40a
                                      • Instruction ID: ce020eeecf98aca647a1ecb6ffd721a36058d1ac5aef3b3aeb140c8bcfe14401
                                      • Opcode Fuzzy Hash: f08d99ecad38c6c7b8dc3a29cdc580f65ccbdf29ae94e5f54a2be96175a3d40a
                                      • Instruction Fuzzy Hash: 9F212670904340ABD7109F60DC4596FBBF8FF96754F000A2EF98297192E7759548CB93
                                      APIs
                                      • GetLastError.KERNEL32(?,?,00534480,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 00401858
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,00534480,?,?,?,?,?,?,?,?,?), ref: 00401878
                                      • GetCurrentProcess.KERNEL32(?,?,00534480,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 00401882
                                      • GetModuleHandleW.KERNEL32(00000000,?,00534480,?,?,?,?,?,?,?,?,?,?,005179B4), ref: 004018D7
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004018E3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressCurrentHandleModuleProcProcess
                                      • String ID: GetHandleVerifier
                                      • API String ID: 2162457882-1090674830
                                      • Opcode ID: 53ec490be72e4c908fc40c45331f03be63fb06892616eb53d8a38ad2bfc3771c
                                      • Instruction ID: 840ed9d6b72c8c494a3125844455ccc2907d86f49bbd8e4bcd45702f26f9f19c
                                      • Opcode Fuzzy Hash: 53ec490be72e4c908fc40c45331f03be63fb06892616eb53d8a38ad2bfc3771c
                                      • Instruction Fuzzy Hash: ED21D171A003049FD710AF74DC89B6A7BB4EF55301F14443AF642E73A0DB789948DB6A
                                      APIs
                                      • FreeLibrary.KERNEL32(00000000,?,0050418D,E0000008,00517B4F,?,E0000008,E8226A54,?,00504018,00000019,AppPolicyGetProcessTerminationMethod,00585560,AppPolicyGetProcessTerminationMethod,E0000008), ref: 0050413F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: FreeLibrary
                                      • String ID: api-ms-$ext-ms-
                                      • API String ID: 3664257935-537541572
                                      • Opcode ID: cc7c1a7771814d2bd21815d7946bffa0b158bd3e3d8e723cc22c03613e9298b5
                                      • Instruction ID: b607d242ec2694ee63eab8210b28be8d63b185d5d7d5d3d52a5250277f9f4c41
                                      • Opcode Fuzzy Hash: cc7c1a7771814d2bd21815d7946bffa0b158bd3e3d8e723cc22c03613e9298b5
                                      • Instruction Fuzzy Hash: 8A21D5B1E01215ABC7219B65DC49A5E3F68BF727A1B250120EE06B72D0E770ED44DED1
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79c4b1049ec946a18058ec0cfc6bb6aa86413127239c5b095a6825abc7958df4
                                      • Instruction ID: e5dab3dcf4737562fbb4af76b0038a1d1e8762c4119415247759f8fa036eccaa
                                      • Opcode Fuzzy Hash: 79c4b1049ec946a18058ec0cfc6bb6aa86413127239c5b095a6825abc7958df4
                                      • Instruction Fuzzy Hash: 2E41A1356002008FD728EF25C88892AB7F2FF997117198C5AD9968B762E735FC46DB44
                                      APIs
                                      • AcquireSRWLockExclusive.KERNEL32(005B3714), ref: 003F6504
                                      • ReleaseSRWLockExclusive.KERNEL32(005B3714), ref: 003F6536
                                      • AcquireSRWLockExclusive.KERNEL32(005B3714), ref: 003F6557
                                      • ReleaseSRWLockExclusive.KERNEL32(005B3714), ref: 003F6567
                                      • WakeAllConditionVariable.KERNEL32(005B3718), ref: 003F6572
                                      • ReleaseSRWLockExclusive.KERNEL32(005B3714), ref: 003F658E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Release$Acquire$ConditionVariableWake
                                      • String ID:
                                      • API String ID: 2445866386-0
                                      • Opcode ID: d6b81dbf5e9a498f02d7694752f9f9071cd5bb29d4b4ac6972b9dc59a32f375a
                                      • Instruction ID: e66716ce7bda2ee9a4c1219f0f619d52d15b2a6678198aa5c49c0467ec056ec4
                                      • Opcode Fuzzy Hash: d6b81dbf5e9a498f02d7694752f9f9071cd5bb29d4b4ac6972b9dc59a32f375a
                                      • Instruction Fuzzy Hash: FB21D2B1540709EFCB019F68DC49A9DBFB4FB06725F204165F8066B391DB74AA04CBA2
                                      APIs
                                      • GetLastError.KERNEL32(?,00000001,00501678,004EAD34,00000011), ref: 0050168F
                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0050169D
                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005016B6
                                      • SetLastError.KERNEL32(00000000), ref: 00501708
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLastValue___vcrt_
                                      • String ID:
                                      • API String ID: 3852720340-0
                                      • Opcode ID: 7504bb0c829693e129aa4298f74633c4ea2dcea64dbcb8e75a865fdee8204ad6
                                      • Instruction ID: 9c78c8a965162dcafbcb5f99587700ef98a7aabc9f07893ceca70afce171d66b
                                      • Opcode Fuzzy Hash: 7504bb0c829693e129aa4298f74633c4ea2dcea64dbcb8e75a865fdee8204ad6
                                      • Instruction Fuzzy Hash: 8101D8325097129EEA1527B9EC8986F3F94FB5677DB24033EF160410E0EF524C85A249
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 003F2145
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,003F1E30,?,?,003F1FBD,003F1E30,?,?,003F1E30), ref: 003F214F
                                      • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,003F1E30,?,?,003F1FBD,003F1E30,?,?,003F1E30), ref: 003F21E4
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003F2407
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 003F2486
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$CurrentReleaseThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                      • API String ID: 1385397084-2888085009
                                      • Opcode ID: ed3c4ba25bbe0fd6f290f4f2bf79b3cbc8b24ccbc96ae20b62697a4b87139a01
                                      • Instruction ID: 40ce3ac7cb6d680aa4d32194a53fe2f8b21a8c3aab6ed147ab0de8e85877561c
                                      • Opcode Fuzzy Hash: ed3c4ba25bbe0fd6f290f4f2bf79b3cbc8b24ccbc96ae20b62697a4b87139a01
                                      • Instruction Fuzzy Hash: C8C1C2B5A00209DFCF15CF69D880A6ABBF5FF58304B15456AEA06EB351E730EC45CB91
                                      APIs
                                      • GetCurrentThread.KERNEL32 ref: 003FC1F5
                                      • SetThreadPriority.KERNEL32(00000000,00010000), ref: 003FC207
                                        • Part of subcall function 00514320: GetCurrentThread.KERNEL32 ref: 00514323
                                        • Part of subcall function 00514320: GetThreadPriority.KERNEL32(00000000,?,00591384,..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds,?,00000000,?,003FBC66,?,?,?,?,?,?,?,?), ref: 0051432A
                                      • SetThreadPriority.KERNEL32(00000000,7FFFFFFF), ref: 003FC21D
                                      • GetCurrentThread.KERNEL32 ref: 003FC23A
                                      • SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C), ref: 003FC246
                                      • SetThreadPriority.KERNEL32(00000000,00020000), ref: 003FC263
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      • Associated: 00000003.00000002.2933466821.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933698943.0000000000582000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933749171.00000000005AF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933779713.00000000005B0000.00000008.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005B2000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933814787.00000000005BF000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933893687.00000000005C6000.00000020.00000001.01000000.00000003.sdmp
                                      • Associated: 00000003.00000002.2933932149.00000000005C7000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Thread$Priority$Current$Information
                                      • String ID:
                                      • API String ID: 2516384554-0
                                      • Opcode ID: 9792ff8430bda4038cb13078fb47dd15bbb18ed2c41539701c7e05ac09f1872a
                                      • Instruction ID: 80cf9d264f154568b6e0c9e3a67639b3132108d1285d77c03d7307b1ff41363e
                                      • Opcode Fuzzy Hash: 9792ff8430bda4038cb13078fb47dd15bbb18ed2c41539701c7e05ac09f1872a
                                      • Instruction Fuzzy Hash: E9014EB1A002046BDB115FB4EC1DA6F7BB5FF8A361F010518F617972D1DB34A444CB91
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 003F8ECE
                                      • AcquireSRWLockExclusive.KERNEL32(?), ref: 003F8ED9
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003F8EEE
                                      Strings
                                      • ..\..\base\task\sequence_manager\task_queue_impl.cc, xrefs: 003F8D29
                                      • PushOntoDelayedIncomingQueue, xrefs: 003F8D2E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$Release
                                      • String ID: ..\..\base\task\sequence_manager\task_queue_impl.cc$PushOntoDelayedIncomingQueue
                                      • API String ID: 1678258262-2027707633
                                      APIs
                                      • _strlen.LIBCMT ref: 00518A26
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00518A84
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
                                      • String ID: %s%s %s$[%03u.%03u] $[printf format error]
                                      • API String ID: 2172594012-104471065
                                      APIs
                                      • CreateFileW.KERNEL32 ref: 00531139
                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,debug.log,00000009,?), ref: 00531175
                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005311BF
                                      • CreateFileW.KERNEL32 ref: 0053129B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: File$Create$CurrentDirectoryModuleName
                                      • String ID: debug.log
                                      • API String ID: 4120427848-600467936
                                      APIs
                                      • GetLongPathNameW.KERNEL32(003F9E2B,00000000,00000000), ref: 00426B7E
                                      • GetLongPathNameW.KERNEL32(003F9E2B,00000000,00000000), ref: 00426BB5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: LongNamePath
                                      • String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
                                      • API String ID: 82841172-2989128051
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?,003F24DD,?,?,?,?,?,?,?,?,992BC4AE), ref: 00468B10
                                      • SetLastError.KERNEL32(?), ref: 00468B31
                                      • GetModuleHandleW.KERNEL32(00000000,?,?,003F24DD,?,?,?,?,?,?,?,?,992BC4AE), ref: 00468BBA
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00468BC6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1762409328-1090674830
                                      APIs
                                      • GetLastError.KERNEL32 ref: 003FD22D
                                      • SetLastError.KERNEL32(?), ref: 003FD24D
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 003FD2B3
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 003FD2BF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1762409328-1090674830
                                      APIs
                                      • GetLastError.KERNEL32(00000000,?,004017F8,?,?,FFFFFFFF,00000000,?,00400F01), ref: 00401947
                                      • SetLastError.KERNEL32(?,?,?,?,?,004017F8,?,?,FFFFFFFF,00000000,?,00400F01), ref: 00401967
                                      • GetModuleHandleW.KERNEL32(00000000,?,004017F8,?,?,FFFFFFFF,00000000,?,00400F01), ref: 004019CD
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004019D9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1762409328-1090674830
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?), ref: 003FC382
                                      • SetLastError.KERNEL32(00000000,?,?,?,?,?), ref: 003FC3A2
                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?), ref: 003FC3ED
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 003FC3F9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1762409328-1090674830
                                      APIs
                                      • GetLastError.KERNEL32(?,00001010,00001010), ref: 004D3722
                                      • SetLastError.KERNEL32(00000000), ref: 004D3742
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004D378D
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004D3799
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1762409328-1090674830
                                      APIs
                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,992BC4AE,E0000008,?,00000000,00580F0F,000000FF,?,004F5FB7,?,?,004F6053,00517B4F), ref: 004F5F2B
                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004F5F3D
                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00580F0F,000000FF,?,004F5FB7,?,?,004F6053,00517B4F), ref: 004F5F5F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressFreeHandleLibraryModuleProc
                                      • String ID: CorExitProcess$mscoree.dll
                                      • API String ID: 4061214504-1276376045
                                      APIs
                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 003F3FC9
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 003F3FE3
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003F4021
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CounterExclusiveLockPerformanceQueryReleaseUnothrow_t@std@@@__ehfuncinfo$??2@
                                      • String ID:
                                      • API String ID: 1367642695-0
                                      APIs
                                      • GetProcessId.KERNEL32(00000000,?,FFFFFFFF,00000000,?,00400F01), ref: 004017B8
                                      • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,FFFFFFFF,00000000,?,00400F01), ref: 004017E3
                                      • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00400F01), ref: 0040181A
                                      • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00400F01), ref: 00401822
                                      • GetLastError.KERNEL32(?,FFFFFFFF,00000000,?,00400F01), ref: 0040182A
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Process$Current$ErrorLastTimes
                                      • String ID:
                                      • API String ID: 2562579171-0
                                      • Opcode ID: 19c811667751dc65c7a4bae205e0088d9676d8496717941f690b058deb323b1a
                                      • Instruction ID: ec16e2898df68f0b67ce88ebb14a2489d1d843e82aacc3060e0819afe3775876
                                      • Opcode Fuzzy Hash: 19c811667751dc65c7a4bae205e0088d9676d8496717941f690b058deb323b1a
                                      • Instruction Fuzzy Hash: 4521F671A001198FDB54AF64C8586BF7BF9EF55300F04843EE142E72A0EB389944D766
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,992BC4AE,?,?,?,?,0047EE3A,?), ref: 0047F540
                                      • ReleaseSRWLockExclusive.KERNEL32(00000001,00000001,?,0047EE3A,?), ref: 0047F5A8
                                        • Part of subcall function 0047AE00: ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 0047AF04
                                        • Part of subcall function 0047AE00: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 0047AF67
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: :G$ScopedBlockingCall
                                      • API String ID: 17069307-2446058397
                                      • Opcode ID: 1b026a494aab754ea3609a26e2cc87dc7beccd1c490fc93efc3406772b6c29ab
                                      • Instruction ID: 0f6b2055fc3000a96b6e2b8e0c978b6669066a62bf54686a149612cfaa98c159
                                      • Opcode Fuzzy Hash: 1b026a494aab754ea3609a26e2cc87dc7beccd1c490fc93efc3406772b6c29ab
                                      • Instruction Fuzzy Hash: ABA1EF716002019FDB28CF29C884BB6BBF5FF45314F14C56AE81D8B696D738E85ACB84
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(0040591C,00000000,?,00000000,?,?,00000000,?,?,?,?,?), ref: 0040A0D6
                                      • ReleaseSRWLockExclusive.KERNEL32(0040591C,00000000,14768B10,?,?,00000000,?,?,?,?,?), ref: 0040A0F9
                                      • AcquireSRWLockExclusive.KERNEL32(0040591C,?,?,00000000,?,?,?,?,?), ref: 0040A116
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$Acquire$Release
                                      • String ID: `RD
                                      • API String ID: 1678258262-1319807085
                                      • Opcode ID: c8ead9f765a3ad788cd6410155de74935145c4dadef6bd39c3625f8a44f7853d
                                      • Instruction ID: e047815c7809db69451a97f044c52c2e5c5837a90b4c6751d73a462dbedd2b98
                                      • Opcode Fuzzy Hash: c8ead9f765a3ad788cd6410155de74935145c4dadef6bd39c3625f8a44f7853d
                                      • Instruction Fuzzy Hash: 87713971E0030A9FCB08CF34D9849AA7776BF99304F14853BE904A7382EB389D55C79A
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 004AF219
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 004AF20A
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 004AF1FB
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                      • API String ID: 4218353326-2665691617
                                      • Opcode ID: db02e23a274c97ee4c88311ba911e81c3b130032b474886d304204f014bb6944
                                      • Instruction ID: 3a65d53ee82dfb7fe634b3a7de36152cb55da2a6a1b19150ce97330a16ea6e80
                                      • Opcode Fuzzy Hash: db02e23a274c97ee4c88311ba911e81c3b130032b474886d304204f014bb6944
                                      • Instruction Fuzzy Hash: 50719F75B005168BCB18CBA9C8919BFB7B2BF99300B24843AE405E7741D738ED45CB95
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00468047
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00468170
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: first$second
                                      • API String ID: 17069307-3095674784
                                      • Opcode ID: e0dac8bf87df727ed246eab8b566f1f187303bdceabebd281dfeb5c80b53d4ab
                                      • Instruction ID: ef309dec806e491718d80fc69f3298a5aa3a0e650d42732320a0f654d49336e7
                                      • Opcode Fuzzy Hash: e0dac8bf87df727ed246eab8b566f1f187303bdceabebd281dfeb5c80b53d4ab
                                      • Instruction Fuzzy Hash: EB51C1716047019FC304CF29C88096BFBE5FF89324F158A2EE59997395EB34E846CB96
                                      APIs
                                        • Part of subcall function 00403410: ResetEvent.KERNEL32(?), ref: 0040342B
                                        • Part of subcall function 00403410: ResetEvent.KERNEL32(?,00000001), ref: 004034AF
                                        • Part of subcall function 00403410: TryAcquireSRWLockExclusive.KERNEL32(00400A01), ref: 004034B9
                                        • Part of subcall function 00403410: ReleaseSRWLockExclusive.KERNEL32(?), ref: 004034FB
                                      • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 004032A7
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004032DD
                                      Strings
                                      • ..\..\chrome\app\exit_code_watcher_win.cc, xrefs: 0040333F
                                      • StartWatching, xrefs: 00403344
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireEventReleaseReset
                                      • String ID: ..\..\chrome\app\exit_code_watcher_win.cc$StartWatching
                                      • API String ID: 2082994738-1005533984
                                      • Opcode ID: f41c541db979eb380ebb41da585f98eef25048dea048b7af0ea2f5b231418d3d
                                      • Instruction ID: 10a095a2c6fde044948957c3b52e16c915627621e450874c59c4e62602515fbf
                                      • Opcode Fuzzy Hash: f41c541db979eb380ebb41da585f98eef25048dea048b7af0ea2f5b231418d3d
                                      • Instruction Fuzzy Hash: F751D3706007008FC720DF29C885A5ABBF4FF49305B14896ED89A9B792DB74F945CF85
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004B6B85
                                      • TryAcquireSRWLockExclusive.KERNEL32(005B10F0), ref: 004B6BB0
                                      • ReleaseSRWLockExclusive.KERNEL32(005B10F0), ref: 004B6BF1
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 004B6D46
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                      • API String ID: 135963836-4189810390
                                      • Opcode ID: f639974d6c6ae7035d187ddc827bc90fdc5ccad850634d83d5c6a7ad77694d93
                                      • Instruction ID: b4915f078e5f9c26281b1d992ff1da7839a9940ef550183f1d550b35694adeb9
                                      • Opcode Fuzzy Hash: f639974d6c6ae7035d187ddc827bc90fdc5ccad850634d83d5c6a7ad77694d93
                                      • Instruction Fuzzy Hash: 3C51D270904B418BD321CF29C8947A7BBF4FF95304F118A2EE8DA8B352D778A584CB56
                                      APIs
                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00442B92
                                      Strings
                                      • ScopedBlockingCall, xrefs: 00442C90
                                      • ..\..\base\files\file_util_win.cc, xrefs: 00442B3C
                                      • GetCurrentDirectoryW, xrefs: 00442B41
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CurrentDirectory
                                      • String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW$ScopedBlockingCall
                                      • API String ID: 1611563598-3482229333
                                      • Opcode ID: 72af5bec7adfa07f6f4b45c6240cd2d8cdfd8661093d929a137d9da9f2926b34
                                      • Instruction ID: 511114f014b05ae25b09c5cc4a157aa72f7de9006ac39ef4c8a8e769747177ff
                                      • Opcode Fuzzy Hash: 72af5bec7adfa07f6f4b45c6240cd2d8cdfd8661093d929a137d9da9f2926b34
                                      • Instruction Fuzzy Hash: F44126B19043419FE710DF25CC8166FB7E4AF95744F00892EF8C9A7251E778AA488797
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,0044395C,?,00000000,?,?,?,?,0054179B), ref: 004013E0
                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,0044395C,?,00000000,?,?,?,?,0054179B), ref: 00401410
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: ..\..\base\threading\thread.cc$StopSoon
                                      • API String ID: 17069307-4240870308
                                      • Opcode ID: 643031664c361348f604581c6563dae2de4c33389d82487a028092b2cf0bc5e2
                                      • Instruction ID: 4e3a47ce37f20413ae13781635a7ca609554bb3f66681ef2b0830fd144a60b38
                                      • Opcode Fuzzy Hash: 643031664c361348f604581c6563dae2de4c33389d82487a028092b2cf0bc5e2
                                      • Instruction Fuzzy Hash: EC41E4716003109FC710DF29C884A6BBBE5FF89714F05496EE45A9B3A2D778E905CB86
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 0053150E
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00531507
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00531500
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                      • API String ID: 4218353326-2665691617
                                      • Opcode ID: e053c0e19a6e6e7373e3bd920b0a6736bb9e51cf13648244e93436eded471e59
                                      • Instruction ID: 29eab094d7aa2c245eb2189b794f16646e6dda112d2a190395dc99329a33213e
                                      • Opcode Fuzzy Hash: e053c0e19a6e6e7373e3bd920b0a6736bb9e51cf13648244e93436eded471e59
                                      • Instruction Fuzzy Hash: 62310AF1A0062D5FDF24DB71EC85BAA7B75BB94318F004479E50A57282D630AE84CFA8
                                      APIs
                                      • GetFileAttributesW.KERNEL32 ref: 0042E393
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$: not a directory$GetFileAttributes
                                      • API String ID: 3188754299-1182343664
                                      • Opcode ID: d437198dc52f3f4edf7f6b66a0d825e748392e65243c17df4d335bc1823e2087
                                      • Instruction ID: 8fd9b3e39d0131c7d0d64e2b1656b008d15ce612144d7a804f24468d3e04301d
                                      • Opcode Fuzzy Hash: d437198dc52f3f4edf7f6b66a0d825e748392e65243c17df4d335bc1823e2087
                                      • Instruction Fuzzy Hash: CB210D75B4072426DB1076667C0BFAF37196F81709F44043AF9096B2C3EAAD5949826A
                                      APIs
                                      • GetFileSizeEx.KERNEL32(00000000,?,00000000,00000000), ref: 003F2AD4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: FileSize
                                      • String ID: ..\..\base\files\file_win.cc$GetLength$ScopedBlockingCall
                                      • API String ID: 3433856609-1252741873
                                      APIs
                                      • UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,003F25CE,?,?,?,?,?,?,?,?,003F24EF), ref: 00402A22
                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000001,?,003F25CE,?,?,?,?,?,?,?,?,003F24EF), ref: 00402A86
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00402A92
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: AddressFileHandleModuleProcUnmapView
                                      • String ID: GetHandleVerifier
                                      • API String ID: 3224599007-1090674830
                                      APIs
                                      • SetCurrentDirectoryW.KERNEL32(?,00000000,00000000), ref: 0040172F
                                      Strings
                                      • ScopedBlockingCall, xrefs: 00401765
                                      • ..\..\base\files\file_util_win.cc, xrefs: 004016F7
                                      • SetCurrentDirectoryW, xrefs: 004016FC
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CurrentDirectory
                                      • String ID: ..\..\base\files\file_util_win.cc$ScopedBlockingCall$SetCurrentDirectoryW
                                      • API String ID: 1611563598-623993952
                                      APIs
                                      • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000008,?,?,0043C0E2,?), ref: 0049DF1B
                                      • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 0049DF2B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: AddressLibraryLoadProc
                                      • String ID: ProcessPrng$bcryptprimitives.dll
                                      • API String ID: 2574300362-2667675608
                                      APIs
                                      • GetFileAttributesW.KERNEL32(00539899,00000000,00000000), ref: 0044283F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID: ..\..\base\files\file_util_win.cc$PathExists$ScopedBlockingCall
                                      • API String ID: 3188754299-3474313534
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005B4540,?,00000000,?,0047DF3E,?,00000000,?,00000000,?,-00000048,?), ref: 0047E24D
                                      • ReleaseSRWLockExclusive.KERNEL32(005B4540,?,00000000,?,0047DF3E,?,00000000,?,00000000,?,-00000048,?), ref: 0047E2A4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: @E[$bitset set argument out of range
                                      • API String ID: 17069307-2629574794
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005B4540,?,?,0047A709,00000002,?,?,?), ref: 0047B00C
                                      • ReleaseSRWLockExclusive.KERNEL32(005B4540,?,0047A709,00000002,?,?,?), ref: 0047B039
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: @E[$bitset reset argument out of range
                                      • API String ID: 17069307-2100727392
                                      APIs
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00510328,00000000,00000001,?,?,?,?,005101E6,00000002,FlsGetValue,00587188,00587190), ref: 00510299
                                      • GetLastError.KERNEL32(?,00510328,00000000,00000001,?,?,?,?,005101E6,00000002,FlsGetValue,00587188,00587190,00000000,?,00501734), ref: 005102A3
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000,00501734,?,00514421), ref: 005102CB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: LibraryLoad$ErrorLast
                                      • String ID: api-ms-
                                      • API String ID: 3177248105-2084034818
                                      APIs
                                      • GetConsoleOutputCP.KERNEL32(992BC4AE,00000000,00000000,?), ref: 004FD75A
                                        • Part of subcall function 0050A071: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00503434,?,00000000,-00000008), ref: 0050A0D2
                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004FD9AC
                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004FD9F2
                                      • GetLastError.KERNEL32 ref: 004FDA95
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                      • String ID:
                                      • API String ID: 2112829910-0
                                      APIs
                                      • ResetEvent.KERNEL32(?), ref: 0040342B
                                      • ResetEvent.KERNEL32(?,00000001), ref: 004034AF
                                      • TryAcquireSRWLockExclusive.KERNEL32(00400A01), ref: 004034B9
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 004034FB
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: EventExclusiveLockReset$AcquireRelease
                                      • String ID:
                                      • API String ID: 1579669990-0
                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(00000000), ref: 004B35FE
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004B363B
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004B365E
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004B36C2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                      • String ID:
                                      • API String ID: 374826692-0
                                      APIs
                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407F22), ref: 00408367
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 004083BB
                                      • Free, xrefs: 004083C0
                                      • CloseHandle, xrefs: 004083DD
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                      • API String ID: 2962429428-1704384866
                                      APIs
                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00459D7B,?,004C4967), ref: 0053642B
                                      Strings
                                      • ReportInvalidWaitableEventResult, xrefs: 00536462
                                      • gIL, xrefs: 00536492
                                      • ..\..\base\synchronization\waitable_event_win.cc, xrefs: 0053645D
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ..\..\base\synchronization\waitable_event_win.cc$ReportInvalidWaitableEventResult$gIL
                                      • API String ID: 1452528299-681105156
                                      APIs
                                      • CloseHandle.KERNEL32(004085FC,?,00000000,00000000,?,004085FC,00000000), ref: 0045BC77
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 0045BC97
                                      • Free, xrefs: 0045BC9C
                                      • CloseHandle, xrefs: 0045BCB9
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
                                      • API String ID: 2962429428-1704384866
                                      APIs
                                      • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,0050C366,00000000,00000001,?,?,?,004FDAE9,?,00000000,00000000), ref: 00512132
                                      • GetLastError.KERNEL32(?,0050C366,00000000,00000001,?,?,?,004FDAE9,?,00000000,00000000,?,?,?,004FD42F,?), ref: 0051213E
                                        • Part of subcall function 00512190: CloseHandle.KERNEL32(FFFFFFFE,0051214E,?,0050C366,00000000,00000001,?,?,?,004FDAE9,?,00000000,00000000,?,?), ref: 005121A0
                                      • ___initconout.LIBCMT ref: 0051214E
                                        • Part of subcall function 00512170: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0051210C,0050C353,?,?,004FDAE9,?,00000000,00000000,?), ref: 00512183
                                      • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,0050C366,00000000,00000001,?,?,?,004FDAE9,?,00000000,00000000,?), ref: 00512163
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                      • String ID:
                                      • API String ID: 2744216297-0
                                      APIs
                                      • GetCurrentThread.KERNEL32 ref: 003F8BF9
                                      • QueryThreadCycleTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F8C0C
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr, xrefs: 003F8BC2
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Thread$CurrentCycleQueryTime
                                      • String ID: ..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr
                                      • API String ID: 2290024384-1286669872
                                      APIs
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 003FE915
                                      • ..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 003FE90E
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                      • API String ID: 4218353326-1580066018
                                      APIs
                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0051784A
                                        • Part of subcall function 00434B90: GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,005178B9,?), ref: 00434BF2
                                        • Part of subcall function 00434B90: GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,005178B9,?), ref: 00434C1B
                                      Strings
                                      • ..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00517A2F
                                      • ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00517A36
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: File$InfoVersion$ModuleNameSize
                                      • String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                      • API String ID: 4070046241-2500828650
                                      APIs
                                      • SetConsoleCtrlHandler.KERNEL32(005001E0,00000001,005ADD20,00000014,0043C296,00000016,00549D70,?,?,?,?,00000000,?,?), ref: 004E8D00
                                      • GetLastError.KERNEL32(?,?,?,?,00000000,?,?), ref: 004E8D13
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ConsoleCtrlErrorHandlerLast
                                      • String ID: CX
                                      • API String ID: 3113525192-2045270770
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 004B5A90
                                      • GetCurrentThreadId.KERNEL32 ref: 004B5A9F
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 004B5A81
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: CurrentThread
                                      • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                      • API String ID: 2882836952-2888085009
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005B44BC,?,00000000,?,00477842,?,?,?,?,7FFFFFF7,?), ref: 003F4CFB
                                      • ReleaseSRWLockExclusive.KERNEL32(005B44BC,..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap,?,?,?,?,00477842,?,?,?,?,7FFFFFF7,?), ref: 003F4D77
                                        • Part of subcall function 004E82C8: AcquireSRWLockExclusive.KERNEL32(005B2800,000000C0,?,?,0047FE69,005C2A10), ref: 004E82D3
                                        • Part of subcall function 004E82C8: ReleaseSRWLockExclusive.KERNEL32(005B2800,?,0047FE69,005C2A10), ref: 004E830D
                                        • Part of subcall function 004E8317: AcquireSRWLockExclusive.KERNEL32(005B2800,?,?,00517C0E,005B3538,?,?,00517B98), ref: 004E8321
                                        • Part of subcall function 004E8317: ReleaseSRWLockExclusive.KERNEL32(005B2800,?,00517C0E,005B3538,?,?,00517B98), ref: 004E8354
                                        • Part of subcall function 004E8317: WakeAllConditionVariable.KERNEL32(005B27FC,?,00517C0E,005B3538,?,?,00517B98), ref: 004E835F
                                      Strings
                                      • ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 003F4DCF
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
                                      • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                      • API String ID: 4258034872-2510419621
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: ... (message truncated)$[%s : %d] RAW:
                                      • API String ID: 4218353326-3262997248
                                      • Opcode ID: 80777e19860234a5fee6170f0db25e700ee7929faec669c18ffc4b94c1945841
                                      • Instruction ID: ebb1498b83c20b70cfb4f95ed0969be026504a1766a8563aebf4680a069163ec
                                      • Opcode Fuzzy Hash: 80777e19860234a5fee6170f0db25e700ee7929faec669c18ffc4b94c1945841
                                      • Instruction Fuzzy Hash: 9431E6B690122A6BEF109E61DC46EDA7F7DFF94308F0044A9F909A7181EB345E84CF90
                                      APIs
                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00549AA7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: FileModuleName
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
                                      • API String ID: 514040917-708485756
                                      • Opcode ID: 98d45a2d6489577211793edba25bcc2150a8fb41854ccb30a0a087c1eb444992
                                      • Instruction ID: d5a0f3aa956ec34e7375a27517521460b80355714db91718d72205602487babd
                                      • Opcode Fuzzy Hash: 98d45a2d6489577211793edba25bcc2150a8fb41854ccb30a0a087c1eb444992
                                      • Instruction Fuzzy Hash: 3E21DB71B4031866DF60B6626C8BFFF3B1DEB85708F04046AFA096B2C3DF68994485D6
                                      APIs
                                      • TryAcquireSRWLockExclusive.KERNEL32(005C3488), ref: 003F4E14
                                      • ReleaseSRWLockExclusive.KERNEL32(?), ref: 003F4E8D
                                      Strings
                                      • ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 003F4EC4
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExclusiveLock$AcquireRelease
                                      • String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
                                      • API String ID: 17069307-1005156258
                                      • Opcode ID: 8c9f909c35feadd7a82cb1ec52be03f322d1ddcc72b1bffdca1d157e0e0a61fc
                                      • Instruction ID: 75812d4159cb129a0dbca121abd744d05591576a8019b27444909a579a846fe4
                                      • Opcode Fuzzy Hash: 8c9f909c35feadd7a82cb1ec52be03f322d1ddcc72b1bffdca1d157e0e0a61fc
                                      • Instruction Fuzzy Hash: 78318D30A0014A9FDB02CF24C894AFBBBB5FF69318F198555E6449B241D732D956CB90
                                      APIs
                                      Strings
                                      • length_error was thrown in -fno-exceptions mode with message "%s", xrefs: 00517A66
                                      • bad_array_new_length was thrown in -fno-exceptions mode, xrefs: 00517A73
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: _strlen
                                      • String ID: bad_array_new_length was thrown in -fno-exceptions mode$length_error was thrown in -fno-exceptions mode with message "%s"
                                      • API String ID: 4218353326-980162239
                                      • Opcode ID: 524ee51d55a13034032c4a2c84548185096aa2a18ed80978183b7900ba73dde3
                                      • Instruction ID: 6403df0f991904fd63655aedc1857fe03c60221e493a2276da38a074306fdebb
                                      • Opcode Fuzzy Hash: 524ee51d55a13034032c4a2c84548185096aa2a18ed80978183b7900ba73dde3
                                      • Instruction Fuzzy Hash: 2301E1A580470D3BEA2076626C0AF9B3F6CAB85714F000924FA451B283AA74A94486F6
                                      APIs
                                        • Part of subcall function 00402A10: UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,003F25CE,?,?,?,?,?,?,?,?,003F24EF), ref: 00402A22
                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000000,?,0040294A,?,?), ref: 004029CD
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004029D9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressFileHandleModuleProcUnmapView
                                      • String ID: GetHandleVerifier
                                      • API String ID: 3224599007-1090674830
                                      • Opcode ID: e07219336345922e9545a8470feb9ba2c928d728e5edd5c89fbd0b6c8d0e4dae
                                      • Instruction ID: 6d70c8f37230da639ff705d1563d247092b14da24287da83764aa8bb834f1066
                                      • Opcode Fuzzy Hash: e07219336345922e9545a8470feb9ba2c928d728e5edd5c89fbd0b6c8d0e4dae
                                      • Instruction Fuzzy Hash: 20012B717003009FD7606B25DD4DB6B77D9FB45314F14093AE103E72D0CAB8A805DA6A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: GetHandleVerifier
                                      • API String ID: 0-1090674830
                                      • Opcode ID: 0474e0774d1c5e9e8ea8a071690cba9b7c21fc4fc42d0d8453cdb6881b11cc8a
                                      • Instruction ID: 1bbe9d04587725d4c405e5c408f3bb5f7cf5f61170ab0eda325ef90e89baf92d
                                      • Opcode Fuzzy Hash: 0474e0774d1c5e9e8ea8a071690cba9b7c21fc4fc42d0d8453cdb6881b11cc8a
                                      • Instruction Fuzzy Hash: B3014771600200AFDB106B65EC5EB6B37A9FB56301F5A442FF142E73A0DB789C09DB66
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 003FD34F
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 003FD35B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1646373207-1090674830
                                      • Opcode ID: 2ee06e2c9e3f803a5a43f354b6e76ca9a4d442cbdda26881e3b24c14716ba86d
                                      • Instruction ID: b9194158e235c4a1edd9359cf2fe62554e1cee2240b70742fee8a9c66a543c41
                                      • Opcode Fuzzy Hash: 2ee06e2c9e3f803a5a43f354b6e76ca9a4d442cbdda26881e3b24c14716ba86d
                                      • Instruction Fuzzy Hash: CB01D479600304AFD7116B65EC4EB7A77AAFB55315F18042AF302C32A1DB74A808DA62
                                      APIs
                                      • VirtualQuery.KERNEL32(80000000,004E9356,0000001C,004E930B,00000000,?,?,?,?,?,?,?,004E9356,00000004,005B2840,004E93A2), ref: 004E925D
                                      • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,004E9356,00000004,005B2840,004E93A2), ref: 004E9278
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: InfoQuerySystemVirtual
                                      • String ID: D
                                      • API String ID: 401686933-2746444292
                                      • Opcode ID: d46632a26e115ef64b3bec915ddbd32c3a8856de932c62e5d2d2ad4ad171a249
                                      • Instruction ID: 2c477887736cdc2bb29f616bd7ebab82b4aade5b03038d9f44cc91bfd7c9253a
                                      • Opcode Fuzzy Hash: d46632a26e115ef64b3bec915ddbd32c3a8856de932c62e5d2d2ad4ad171a249
                                      • Instruction Fuzzy Hash: A801D472A001096BCF14DE2ADC05BEE7BA9AFD4325F0CC161EE59DB280E738DC05C680
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000,?,00000000,00000000,?,003F297D,?), ref: 004D0940
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 004D094C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1646373207-1090674830
                                      • Opcode ID: f1bf708ef96a3a7047f5c53c0e0d72de92e9261e0ed3ab0abafbcd933172387d
                                      • Instruction ID: b9e92844d07420c6c7d53c2d049abc831c1c8a917389f860c56d169f80b54474
                                      • Opcode Fuzzy Hash: f1bf708ef96a3a7047f5c53c0e0d72de92e9261e0ed3ab0abafbcd933172387d
                                      • Instruction Fuzzy Hash: 78F0FC753402007FE6102725EC6DB7A379CEB95741F440057F206D33A2C7785C09DA76
                                      APIs
                                      • RemoveVectoredExceptionHandler.KERNEL32(0043C623,?,?,00000000,?,0043C623,?,?,?,?,?,00000000,?,?), ref: 00556077
                                      Strings
                                      • ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00556097
                                      • Free, xrefs: 0055609C
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ExceptionHandlerRemoveVectored
                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$Free
                                      • API String ID: 1340492425-290371620
                                      • Opcode ID: 23266b89705003bb3eb5dbf0802e385a3d0b9d80d07cb18c99384d2a98841cfd
                                      • Instruction ID: 42d423c2172b0cf56908c9c3d8d896658775e57bc41e8d468614dac7eb4b38a9
                                      • Opcode Fuzzy Hash: 23266b89705003bb3eb5dbf0802e385a3d0b9d80d07cb18c99384d2a98841cfd
                                      • Instruction Fuzzy Hash: F8F0B431E00104678B00ABA5AC1ACBF7B3CFF86705F84041DF90A67282EA65660887E1
                                      APIs
                                        • Part of subcall function 00514170: _strlen.LIBCMT ref: 0051426C
                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00518480
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: ___std_exception_destroy_strlen
                                      • String ID: Bad variant access$bad_variant_access.cc
                                      • API String ID: 907491995-4004146108
                                      • Opcode ID: f95e11499c70a366ada80538f3796c0b23106137a22af2c1ead987023fc6235a
                                      • Instruction ID: 27da4baaa163dc03efba4fe4f16121b3c40259e1bcf66d99e3f7f47b62bfa426
                                      • Opcode Fuzzy Hash: f95e11499c70a366ada80538f3796c0b23106137a22af2c1ead987023fc6235a
                                      • Instruction Fuzzy Hash: 93E0D8B294030433EA11799AAC07EC77E9C9B26755F048436FA0856243EAE2B55083DA
                                      APIs
                                      • GetModuleHandleW.KERNEL32(00000000), ref: 004448FE
                                      • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 0044490A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: GetHandleVerifier
                                      • API String ID: 1646373207-1090674830
                                      • Opcode ID: 7800e007039d606de8417a6c061908b3850f843ac9d6f52f894dab866ad4fc63
                                      • Instruction ID: c8688a4a84c8d4f80d398f9ceda0648598982b946c31910f0b3faa28c631afd6
                                      • Opcode Fuzzy Hash: 7800e007039d606de8417a6c061908b3850f843ac9d6f52f894dab866ad4fc63
                                      • Instruction Fuzzy Hash: 82D067A0A04204BBEE406B75DE0AB273B9CA765746F480519B506D2161DABCA809EA66
                                      APIs
                                      • GetCurrentProcess.KERNEL32(?,?,00400D65,?), ref: 00401267
                                      • TerminateProcess.KERNEL32(00000000,e@,?,?,00400D65,?), ref: 0040126F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000003.00000002.2933527916.00000000003F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_3_2_3f0000_chrome.jbxd
                                      Similarity
                                      • API ID: Process$CurrentTerminate
                                      • String ID: e@
                                      • API String ID: 2429186680-1915744004
                                      • Opcode ID: e24612c814bb0306addb44994e5f85701ca5a989c0e88cb280998d1cf9f7a2cc
                                      • Instruction ID: 7fb873fb82a63c0c6c32a0ab9093e317037d2090b3256b274c5cd1b789e7b8be
                                      • Opcode Fuzzy Hash: e24612c814bb0306addb44994e5f85701ca5a989c0e88cb280998d1cf9f7a2cc
                                      • Instruction Fuzzy Hash: 46C09B3180125C7FDB045F75DC4C8473F6CED1B161B444814B605D7520DB706805DBF5